From 9ef71ab6d3517e5b3cfc871cf99473c911f13742 Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Sun, 29 May 2016 20:03:32 +0200 Subject: [PATCH] buffer: ignore negative allocation lengths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Treat negative length arguments to `Buffer()`/`allocUnsafe()` as if they were zero so the allocation does not affect the pool’s offset. Fixes: https://github.com/nodejs/node/issues/7047 Refs: https://github.com/nodejs/node/pull/7051 Refs: https://github.com/nodejs/node/pull/7221 Refs: https://github.com/nodejs/node/pull/7475 PR-URL: https://github.com/nodejs/node/pull/7562 Reviewed-By: Trevor Norris Reviewed-By: James M Snell Reviewed-By: Nikolai Vavilov --- lib/buffer.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/buffer.js b/lib/buffer.js index 3fe08c81b91ebf..23771b15bfca0e 100644 --- a/lib/buffer.js +++ b/lib/buffer.js @@ -79,8 +79,8 @@ Object.setPrototypeOf(SlowBuffer, Uint8Array); function allocate(size) { - if (size === 0) { - return createBuffer(size); + if (size <= 0) { + return createBuffer(0); } if (size < (Buffer.poolSize >>> 1)) { if (size > (poolSize - poolOffset))