Skip to content

Commit

Permalink
buffer: check byteLength in readIntBE() and readIntLE()
Browse files Browse the repository at this point in the history
  • Loading branch information
Trott committed Jan 5, 2018
1 parent bac64ba commit 710d1dc
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 5 deletions.
4 changes: 3 additions & 1 deletion benchmark/buffers/buffer-read-with-byteLength.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,10 @@
const common = require('../common.js');

const types = [
'IntLE',
'IntBE',
'IntLE',
'UIntBE',
'UIntLE'
];

const bench = common.createBenchmark(main, {
Expand Down
8 changes: 6 additions & 2 deletions lib/buffer.js
Original file line number Diff line number Diff line change
Expand Up @@ -1040,8 +1040,10 @@ Buffer.prototype.readUIntLE =
function readUIntLE(offset, byteLength, noAssert) {
offset = offset >>> 0;
byteLength = byteLength >>> 0;
if (!noAssert)
if (!noAssert) {
checkByteLength(byteLength);
checkOffset(offset, byteLength, this.length);
}

var val = this[offset];
var mul = 1;
Expand All @@ -1057,8 +1059,10 @@ Buffer.prototype.readUIntBE =
function readUIntBE(offset, byteLength, noAssert) {
offset = offset >>> 0;
byteLength = byteLength >>> 0;
if (!noAssert)
if (!noAssert) {
checkByteLength(byteLength);
checkOffset(offset, byteLength, this.length);
}

var val = this[offset + --byteLength];
var mul = 1;
Expand Down
10 changes: 8 additions & 2 deletions test/parallel/test-buffer-read.js
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,14 @@ read(buf, 'readUInt32BE', [1], 0xfd48eacf);
read(buf, 'readUInt32LE', [1], 0xcfea48fd);

// testing basic functionality of readUIntBE() and readUIntLE()
read(buf, 'readUIntBE', [2, 0], 0xfd);
read(buf, 'readUIntLE', [2, 0], 0x48);
read(buf, 'readUIntBE', [2, 2], 0x48ea);
read(buf, 'readUIntLE', [2, 2], 0xea48);

// invalid byteLength parameter for readUIntBE() and readUIntLE()
common.expectsError(() => { buf.readUIntBE(2, 0); },
{ code: 'ERR_OUT_OF_RANGE' });
common.expectsError(() => { buf.readUIntLE(2, 7); },
{ code: 'ERR_OUT_OF_RANGE' });

// attempt to overflow buffers, similar to previous bug in array buffers
assert.throws(() => Buffer.allocUnsafe(8).readFloatBE(0xffffffff),
Expand Down

0 comments on commit 710d1dc

Please sign in to comment.