buffer: zero fill Buffer(num) by default

PR-URL: https://github.com/nodejs/node/pull/12141 Ref: https://github.com/nodejs/CTC/issues/89 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com>
8 years ago · 7eb1b4658e
3 changed files with 34 additions and 18 deletions
--- a/doc/api/buffer.md
+++ b/doc/api/buffer.md
@ -52,13 +52,16 @@ In versions of Node.js prior to v6, `Buffer` instances were created using the
 differently based on what arguments are provided:
 * Passing a number as the first argument to `Buffer()` (e.g. `new Buffer(10)`),
-  allocates a new `Buffer` object of the specified size. The memory allocated
+  allocates a new `Buffer` object of the specified size. Prior to Node.js 8.0.0,
-  for such `Buffer` instances is *not* initialized and *can contain sensitive
+  the memory allocated for such `Buffer` instances is *not* initialized and
-  data*. Such `Buffer` instances *must* be initialized *manually* by using either
+  *can contain sensitive data*. Such `Buffer` instances *must* be subsequently
-  [`buf.fill(0)`][`buf.fill()`] or by writing to the `Buffer` completely. While
+  initialized by using either [`buf.fill(0)`][`buf.fill()`] or by writing to the
-  this behavior is *intentional* to improve performance, development experience
+  `Buffer` completely. While this behavior is *intentional* to improve
-  has demonstrated that a more explicit distinction is required between creating
+  performance, development experience has demonstrated that a more explicit
-  a fast-but-uninitialized `Buffer` versus creating a slower-but-safer `Buffer`.
+  distinction is required between creating a fast-but-uninitialized `Buffer`
  versus creating a slower-but-safer `Buffer`. Starting in Node.js 8.0.0,
  `Buffer(num)` and `new Buffer(num)` will return a `Buffer` with initialized
  memory.
 * Passing a string, array, or `Buffer` as the first argument copies the
  passed object's data into the `Buffer`.
 * Passing an [`ArrayBuffer`] returns a `Buffer` that shares allocated memory with
@ -427,6 +430,9 @@ console.log(buf2.toString());
 <!-- YAML
 deprecated: v6.0.0
 changes:
  - version: v8.0.0
    pr-url: https://github.com/nodejs/node/pull/12141
    description: new Buffer(size) will return zero-filled memory by default.
  - version: v7.2.1
    pr-url: https://github.com/nodejs/node/pull/9529
    description: Calling this constructor no longer emits a deprecation warning.
@ -444,21 +450,17 @@ Allocates a new `Buffer` of `size` bytes.  If the `size` is larger than
 [`buffer.kMaxLength`] or smaller than 0, a [`RangeError`] will be thrown.
 A zero-length `Buffer` will be created if `size` is 0.
-Unlike [`ArrayBuffers`][`ArrayBuffer`], the underlying memory for `Buffer` instances
+Prior to Node.js 8.0.0, the underlying memory for `Buffer` instances
-created in this way is *not initialized*. The contents of a newly created `Buffer`
+created in this way is *not initialized*. The contents of a newly created
-are unknown and *could contain sensitive data*. Use
+`Buffer` are unknown and *may contain sensitive data*. Use
-[`Buffer.alloc(size)`][`Buffer.alloc()`] instead to initialize a `Buffer` to zeroes.
+[`Buffer.alloc(size)`][`Buffer.alloc()`] instead to initialize a `Buffer`
 to zeroes.
 Example:
 ```js
 const buf = new Buffer(10);
 // Prints: (contents may vary): <Buffer 48 21 4b 00 00 00 00 00 30 dd>
 console.log(buf);
 buf.fill(0);
 // Prints: <Buffer 00 00 00 00 00 00 00 00 00 00>
 console.log(buf);
 ```
@ -2595,7 +2597,7 @@ Allocates a new `Buffer` of `size` bytes.  If the `size` is larger than
 A zero-length `Buffer` will be created if `size` is 0.
 The underlying memory for `SlowBuffer` instances is *not initialized*. The
-contents of a newly created `SlowBuffer` are unknown and could contain
+contents of a newly created `SlowBuffer` are unknown and may contain
 sensitive data. Use [`buf.fill(0)`][`buf.fill()`] to initialize a `SlowBuffer` to zeroes.
 Example:
--- a/lib/buffer.js
+++ b/lib/buffer.js
@ -102,7 +102,7 @@ function Buffer(arg, encodingOrOffset, length) {
        'If encoding is specified then the first argument must be a string'
      );
    }
-    return Buffer.allocUnsafe(arg);
+    return Buffer.alloc(arg);
  }
  return Buffer.from(arg, encodingOrOffset, length);
 }
--- a/test/parallel/test-buffer-zero-fill.js
+++ b/test/parallel/test-buffer-zero-fill.js
@ -0,0 +1,14 @@
 'use strict';
 require('../common');
 const assert = require('assert');
 const Buffer = require('buffer').Buffer;
 const buf1 = Buffer(100);
 const buf2 = new Buffer(100);
 for (let n = 0; n < buf1.length; n++)
  assert.strictEqual(buf1[n], 0);
 for (let n = 0; n < buf2.length; n++)
  assert.strictEqual(buf2[n], 0);