daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

buffer: check byteLength in readUInt(B|L)E 

PR-URL: https://github.com/nodejs/node/pull/11146
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
pull/17971/merge
Rich Trott 2018-01-02 16:10:57 -08:00 committed by Ruben Bridgewater
parent 94d64877ff
commit 9fea7eae9a
No known key found for this signature in database
GPG Key ID: F07496B3EB3C1762
3 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
benchmark/buffers/buffer-read-with-byteLength.js
View File

@ -2,8 +2,10 @@
const common = require('../common.js');
const types = [
'IntLE',
'IntBE',
'IntLE',
'UIntBE',
'UIntLE'
];
const bench = common.createBenchmark(main, {

8
lib/buffer.js
View File

@ -1040,8 +1040,10 @@ Buffer.prototype.readUIntLE =
function readUIntLE(offset, byteLength, noAssert) {
offset = offset >>> 0;
byteLength = byteLength >>> 0;
if (!noAssert)
if (!noAssert) {
checkByteLength(byteLength);
checkOffset(offset, byteLength, this.length);
}
var val = this[offset];
var mul = 1;
@ -1057,8 +1059,10 @@ Buffer.prototype.readUIntBE =
function readUIntBE(offset, byteLength, noAssert) {
offset = offset >>> 0;
byteLength = byteLength >>> 0;
if (!noAssert)
if (!noAssert) {
checkByteLength(byteLength);
checkOffset(offset, byteLength, this.length);
}
var val = this[offset + --byteLength];
var mul = 1;

10
test/parallel/test-buffer-read.js
View File

@ -57,8 +57,14 @@ read(buf, 'readUInt32BE', [1], 0xfd48eacf);
read(buf, 'readUInt32LE', [1], 0xcfea48fd);
// testing basic functionality of readUIntBE() and readUIntLE()
read(buf, 'readUIntBE', [2, 0], 0xfd);
read(buf, 'readUIntLE', [2, 0], 0x48);
read(buf, 'readUIntBE', [2, 2], 0x48ea);
read(buf, 'readUIntLE', [2, 2], 0xea48);
// invalid byteLength parameter for readUIntBE() and readUIntLE()
common.expectsError(() => { buf.readUIntBE(2, 0); },
{ code: 'ERR_OUT_OF_RANGE' });
common.expectsError(() => { buf.readUIntLE(2, 7); },
{ code: 'ERR_OUT_OF_RANGE' });
// attempt to overflow buffers, similar to previous bug in array buffers
assert.throws(() => Buffer.allocUnsafe(8).readFloatBE(0xffffffff),