buffer: zero-fill uninitialized bytes in .concat()

This makes sure that no uninitialized bytes are leaked when the specified `totalLength` input value is greater than the actual total length of the specified buffers array, e.g. in Buffer.concat([Buffer.alloc(0)], 100). PR-URL: https://github.com/nodejs/node-private/pull/64 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
author: Сковорода Никита Андреевич <chalkerx@gmail.com> 2016-09-16 08:07:23 +0300
committer: Rod Vagg <rod@vagg.org> 2016-09-28 11:19:18 +1000
commit: 495d688e069f97e8135a877773cd12cb52617e92 (patch)
tree: 0d2040fcb35d214cced0f34239a7e108d2874e83 /lib
parent: c34e58e68416b34a976dfae72c7123b3b334a6b0 (diff)
download: android-node-v8-495d688e069f97e8135a877773cd12cb52617e92.tar.gz
android-node-v8-495d688e069f97e8135a877773cd12cb52617e92.tar.bz2
android-node-v8-495d688e069f97e8135a877773cd12cb52617e92.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/buffer.js b/lib/buffer.js
index 86aa2e512e..495b521def 100644
--- a/lib/buffer.js
+++ b/lib/buffer.js
@@ -338,6 +338,14 @@ Buffer.concat = function(list, length) {
     pos += buf.length;
   }
 
+  // Note: `length` is always equal to `buffer.length` at this point
+  if (pos < length) {
+    // Zero-fill the remaining bytes if the specified `length` was more than
+    // the actual total length, i.e. if we have some remaining allocated bytes
+    // there were not initialized.
+    buffer.fill(0, pos, length);
+  }
+
   return buffer;
 };
author	Сковорода Никита Андреевич <chalkerx@gmail.com>	2016-09-16 08:07:23 +0300
committer	Rod Vagg <rod@vagg.org>	2016-09-28 11:19:18 +1000
commit	495d688e069f97e8135a877773cd12cb52617e92 (patch)
tree	0d2040fcb35d214cced0f34239a7e108d2874e83 /lib
parent	c34e58e68416b34a976dfae72c7123b3b334a6b0 (diff)
download	android-node-v8-495d688e069f97e8135a877773cd12cb52617e92.tar.gz android-node-v8-495d688e069f97e8135a877773cd12cb52617e92.tar.bz2 android-node-v8-495d688e069f97e8135a877773cd12cb52617e92.zip