From 0ed3a7c11b4031bdb56908b16f2aa5aea24c1813 Mon Sep 17 00:00:00 2001 From: "P.S.V.R" Date: Mon, 16 Nov 2015 10:59:07 +0800 Subject: [PATCH] buffer: let WriteFloatGeneric silently drop values Documentation currently states that setting noAssert and passing a value larger than can fit in the Buffer will cause data to be silently dropped. Change implementation to match documented behavior. Fixes: https://github.com/nodejs/node/issues/3766 Reviewed-By: Trevor Norris --- src/node_buffer.cc | 8 +++++--- test/parallel/test-buffer-arraybuffer.js | 7 +++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/node_buffer.cc b/src/node_buffer.cc index e4af4909ffbe59..b508c48c4742e4 100644 --- a/src/node_buffer.cc +++ b/src/node_buffer.cc @@ -735,7 +735,9 @@ uint32_t WriteFloatGeneric(const FunctionCallbackInfo& args) { T val = args[1]->NumberValue(); uint32_t offset = args[2]->Uint32Value(); - CHECK_LE(offset + sizeof(T), ts_obj_length); + size_t memcpy_num = sizeof(T); + if (offset + sizeof(T) > ts_obj_length) + memcpy_num = ts_obj_length - offset; union NoAlias { T val; @@ -746,8 +748,8 @@ uint32_t WriteFloatGeneric(const FunctionCallbackInfo& args) { char* ptr = static_cast(ts_obj_data) + offset; if (endianness != GetEndianness()) Swizzle(na.bytes, sizeof(na.bytes)); - memcpy(ptr, na.bytes, sizeof(na.bytes)); - return offset + sizeof(na.bytes); + memcpy(ptr, na.bytes, memcpy_num); + return offset + memcpy_num; } diff --git a/test/parallel/test-buffer-arraybuffer.js b/test/parallel/test-buffer-arraybuffer.js index c13d0ba4118aad..c25de262ea9779 100644 --- a/test/parallel/test-buffer-arraybuffer.js +++ b/test/parallel/test-buffer-arraybuffer.js @@ -44,3 +44,10 @@ assert.throws(function() { AB.prototype.__proto__ = ArrayBuffer.prototype; new Buffer(new AB()); }, TypeError); + +// write{Double,Float}{LE,BE} with noAssert should not crash, cf. #3766 +var b = new Buffer(1); +b.writeFloatLE(11.11, 0, true); +b.writeFloatBE(11.11, 0, true); +b.writeDoubleLE(11.11, 0, true); +b.writeDoubleBE(11.11, 0, true);