Browse Source

buffer: zero-fill uninitialized bytes in .concat()

This makes sure that no uninitialized bytes are leaked when the specified
`totalLength` input value is greater than the actual total length of the
specified buffers array, e.g. in Buffer.concat([Buffer.alloc(0)], 100).

PR-URL: https://github.com/nodejs/node-private/pull/64
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v7.x
Сковорода Никита Андреевич 8 years ago
committed by James M Snell
parent
commit
9c04dffdaa
  1. 8
      lib/buffer.js
  2. 24
      test/parallel/test-buffer-concat.js

8
lib/buffer.js

@ -338,6 +338,14 @@ Buffer.concat = function(list, length) {
pos += buf.length; pos += buf.length;
} }
// Note: `length` is always equal to `buffer.length` at this point
if (pos < length) {
// Zero-fill the remaining bytes if the specified `length` was more than
// the actual total length, i.e. if we have some remaining allocated bytes
// there were not initialized.
buffer.fill(0, pos, length);
}
return buffer; return buffer;
}; };

24
test/parallel/test-buffer-concat.js

@ -1,5 +1,5 @@
'use strict'; 'use strict';
require('../common'); const common = require('../common');
const assert = require('assert'); const assert = require('assert');
const zero = []; const zero = [];
@ -38,3 +38,25 @@ function assertWrongList(value) {
err.message === '"list" argument must be an Array of Buffers'; err.message === '"list" argument must be an Array of Buffers';
}); });
} }
const random10 = common.hasCrypto
? require('crypto').randomBytes(10)
: Buffer.alloc(10, 1);
const empty = Buffer.alloc(0);
assert.notDeepStrictEqual(random10, empty);
assert.notDeepStrictEqual(random10, Buffer.alloc(10));
assert.deepStrictEqual(Buffer.concat([], 100), empty);
assert.deepStrictEqual(Buffer.concat([random10], 0), empty);
assert.deepStrictEqual(Buffer.concat([random10], 10), random10);
assert.deepStrictEqual(Buffer.concat([random10, random10], 10), random10);
assert.deepStrictEqual(Buffer.concat([empty, random10]), random10);
assert.deepStrictEqual(Buffer.concat([random10, empty, empty]), random10);
// The tail should be zero-filled
assert.deepStrictEqual(Buffer.concat([empty], 100), Buffer.alloc(100));
assert.deepStrictEqual(Buffer.concat([empty], 4096), Buffer.alloc(4096));
assert.deepStrictEqual(
Buffer.concat([random10], 40),
Buffer.concat([random10, Buffer.alloc(30)]));

Loading…
Cancel
Save