From 2f1009ab64eae0b55429a3e491ec043ecf0995c9 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Fri, 31 Mar 2017 08:22:20 +0200
Subject: [PATCH 1/2] v8: fix offsets for TypedArray deserialization

Fix the offset calculation for deserializing TypedArrays that are
not aligned in their original buffer.

Since `byteOffset` refers to the offset into the source `Buffer`
instance, not its underlying `ArrayBuffer`, that is what should
be passed to `buffer.copy`.
---
 lib/v8.js                       | 3 ++-
 test/parallel/test-v8-serdes.js | 8 ++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/v8.js b/lib/v8.js
index 7790f9b3343087..4205552b7d34c0 100644
--- a/lib/v8.js
+++ b/lib/v8.js
@@ -177,7 +177,8 @@ class DefaultDeserializer extends Deserializer {
     } else {
       // Copy to an aligned buffer first.
       const copy = Buffer.allocUnsafe(byteLength);
-      bufferBinding.copy(this.buffer, copy, 0, offset, offset + byteLength);
+      bufferBinding.copy(this.buffer, copy, 0,
+                         byteOffset, byteOffset + byteLength);
       return new ctor(copy.buffer,
                       copy.byteOffset,
                       byteLength / BYTES_PER_ELEMENT);
diff --git a/test/parallel/test-v8-serdes.js b/test/parallel/test-v8-serdes.js
index 84037b6f8c8f6f..fc39b648d4d5e0 100644
--- a/test/parallel/test-v8-serdes.js
+++ b/test/parallel/test-v8-serdes.js
@@ -118,3 +118,11 @@ const objects = [
   assert.deepStrictEqual(buf, ser.releaseBuffer());
   assert.strictEqual(des.getWireFormatVersion(), 0x0d);
 }
+
+{
+  // Unaligned Uint16Array read, with padding in the underlying array buffer.
+  const buf = Buffer.from('0'.repeat(64) + 'ff0d5c0404addeefbe', 'hex')
+      .slice(32);
+  assert.deepStrictEqual(v8.deserialize(buf),
+                         new Uint16Array([0xdead, 0xbeef]));
+}

From 625b3247d3985053e9ca952ff93716ce454dccd5 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Fri, 31 Mar 2017 11:03:37 +0200
Subject: [PATCH 2/2] address review suggestion

---
 test/parallel/test-v8-serdes.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/test/parallel/test-v8-serdes.js b/test/parallel/test-v8-serdes.js
index fc39b648d4d5e0..1914375ba2ec58 100644
--- a/test/parallel/test-v8-serdes.js
+++ b/test/parallel/test-v8-serdes.js
@@ -121,8 +121,9 @@ const objects = [
 
 {
   // Unaligned Uint16Array read, with padding in the underlying array buffer.
-  const buf = Buffer.from('0'.repeat(64) + 'ff0d5c0404addeefbe', 'hex')
-      .slice(32);
+  let buf = Buffer.alloc(32 + 9);
+  buf.write('ff0d5c0404addeefbe', 32, 'hex');
+  buf = buf.slice(32);
   assert.deepStrictEqual(v8.deserialize(buf),
                          new Uint16Array([0xdead, 0xbeef]));
 }