From edcb6c060334ee0a15395a95a152a8fd36d2e475 Mon Sep 17 00:00:00 2001
From: "P.S.V.R"
Date: Mon, 16 Nov 2015 10:59:07 +0800
Subject: [PATCH] buffer: let WriteFloatGeneric silently drop values
Documentation currently states that setting noAssert and passing a value larger than can fit in the Buffer will cause data to be silently dropped. Change implementation to match documented behavior.
Fixes: https://github.com/nodejs/node/issues/3766
Reviewed-By: Trevor Norris
---
 src/node_buffer.cc | 8 +++++---
 test/parallel/test-buffer-arraybuffer.js | 7 +++++++
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/node_buffer.cc b/src/node_buffer.cc
index 7d428b2b13..7c9beb58bb 100644
--- a/src/node_buffer.cc
+++ b/src/node_buffer.cc
@@ -730,7 +730,9 @@ uint32_t WriteFloatGeneric(const FunctionCallbackInfo& args) {
 T val = args[1]->NumberValue();
 uint32_t offset = args[2]->Uint32Value();
- CHECK_LE(offset + sizeof(T), ts_obj_length);
+ size_t memcpy_num = sizeof(T);
+ if (offset + sizeof(T) > ts_obj_length)
+ memcpy_num = ts_obj_length - offset;
 union NoAlias {
 T val;
@@ -741,8 +743,8 @@ uint32_t WriteFloatGeneric(const FunctionCallbackInfo& args) {
 char* ptr = static_cast(ts_obj_data) + offset;
 if (endianness != GetEndianness())
 Swizzle(na.bytes, sizeof(na.bytes));
- memcpy(ptr, na.bytes, sizeof(na.bytes));
- return offset + sizeof(na.bytes);
+ memcpy(ptr, na.bytes, memcpy_num);
+ return offset + memcpy_num;
 }
diff --git a/test/parallel/test-buffer-arraybuffer.js b/test/parallel/test-buffer-arraybuffer.js
index c13d0ba411..c25de262ea 100644
--- a/test/parallel/test-buffer-arraybuffer.js
+++ b/test/parallel/test-buffer-arraybuffer.js
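Review bot: In src/node_buffer.cc, the added clamp `memcpy_num = ts_obj_length - offset;` in the first WriteFloatGeneric hunk is only safe when `offset <= ts_obj_length`. For a larger offset the subtraction wraps (memcpy_num is a size_t), and the `memcpy(ptr, na.bytes, memcpy_num)` in the second hunk then copies far past both `na.bytes` and the buffer, where the removed `CHECK_LE` would have aborted. The comparison `offset + sizeof(T) > ts_obj_length` can also wrap on builds where size_t is 32 bits. I would reject the out-of-range offset before any pointer arithmetic and compare without the addition: `if (offset >= ts_obj_length) return offset;` (the value the zero-byte path would return), followed by `if (sizeof(T) > ts_obj_length - offset) memcpy_num = ts_obj_length - offset;`. The declaration of ts_obj_length and the start of the function are outside the hunk, so its type is assumed here.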
@@ -44,3 +44,10 @@ assert.throws(function() {
 AB.prototype.__proto__ = ArrayBuffer.prototype;
 new Buffer(new AB());
 }, TypeError);
+
+// write{Double,Float}{LE,BE} with noAssert should not crash, cf. #3766
+var b = new Buffer(1);
+b.writeFloatLE(11.11, 0, true);
+b.writeFloatBE(11.11, 0, true);
+b.writeDoubleLE(11.11, 0, true);
+b.writeDoubleBE(11.11, 0, true);
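Review bot: The added calls only exercise offset 0 on a one-byte buffer, so they cover the truncated-write path but not an offset at or beyond the buffer length, and they assert nothing about the bytes written or the return value. Adding calls on the same buffer with an out-of-range offset, e.g. `b.writeDoubleLE(11.11, 1, true);` and `b.writeDoubleLE(11.11, 2, true);`, followed by an assertion that `b[0]` is unchanged, would pin the documented "silently dropped" behaviour at the boundary rather than only checking that the process survives.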