buffer: Prevent Buffer constructor deopt

The Buffer constructor will generally get inlined, but any call to the Buffer constructor for a string without encoding will cause an eager deoptimization of any function that inlined the Buffer constructor. This is due to a an out-of-bounds read on `arguments[1]`. This change prevents that deopt. PR-URL: https://github.com/nodejs/node/pull/4158 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
9 years ago · e3a8e8bba4
1 changed files with 2 additions and 2 deletions
--- a/lib/buffer.js
+++ b/lib/buffer.js
@ -40,7 +40,7 @@ function alignPool() {
 }


-function Buffer(arg) {
+function Buffer(arg, encoding) {
  // Common case.
  if (typeof arg === 'number') {
    // If less than zero, or NaN.
@ -51,7 +51,7 @@ function Buffer(arg) {

  // Slightly less common case.
  if (typeof arg === 'string') {
-    return fromString(arg, arguments[1]);
+    return fromString(arg, encoding);
  }

  // Unusual.