diff options
author | Сковорода Никита Андреевич <chalkerx@gmail.com> | 2016-09-16 08:07:23 +0300 |
---|---|---|
committer | Rod Vagg <rod@vagg.org> | 2016-09-28 11:19:18 +1000 |
commit | 495d688e069f97e8135a877773cd12cb52617e92 (patch) | |
tree | 0d2040fcb35d214cced0f34239a7e108d2874e83 /lib | |
parent | c34e58e68416b34a976dfae72c7123b3b334a6b0 (diff) | |
download | android-node-v8-495d688e069f97e8135a877773cd12cb52617e92.tar.gz android-node-v8-495d688e069f97e8135a877773cd12cb52617e92.tar.bz2 android-node-v8-495d688e069f97e8135a877773cd12cb52617e92.zip |
buffer: zero-fill uninitialized bytes in .concat()
This makes sure that no uninitialized bytes are leaked when the specified
`totalLength` input value is greater than the actual total length of the
specified buffers array, e.g. in Buffer.concat([Buffer.alloc(0)], 100).
PR-URL: https://github.com/nodejs/node-private/pull/64
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/buffer.js | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/buffer.js b/lib/buffer.js index 86aa2e512e..495b521def 100644 --- a/lib/buffer.js +++ b/lib/buffer.js @@ -338,6 +338,14 @@ Buffer.concat = function(list, length) { pos += buf.length; } + // Note: `length` is always equal to `buffer.length` at this point + if (pos < length) { + // Zero-fill the remaining bytes if the specified `length` was more than + // the actual total length, i.e. if we have some remaining allocated bytes + // there were not initialized. + buffer.fill(0, pos, length); + } + return buffer; }; |