src: fix ArrayBuffer size for zero fill flag

Use `sizeof()` of the zero fill flag as the byte length of the
`zeroFill` array buffer rather than `1`.

This fixes running debug builds, which have boundary checks for
typed array creations from native code enabled.

PR-URL: https://github.com/nodejs/node/pull/7142
Fixes: https://github.com/nodejs/node/issues/7140
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com>

1 files changed, 3 insertions, 1 deletions

diff --git a/src/node_buffer.cc b/src/node_buffer.cc
index bb94263ccd..b8accf517c 100644
--- a/src/node_buffer.cc
+++ b/src/node_buffer.cc
@@ -1227,7 +1227,9 @@ void SetupBufferJS(const FunctionCallbackInfo<Value>& args) {
   if (auto zero_fill_field = env->isolate_data()->zero_fill_field()) {
     CHECK(args[1]->IsObject());
     auto binding_object = args[1].As<Object>();
-    auto array_buffer = ArrayBuffer::New(env->isolate(), zero_fill_field, 1);
+    auto array_buffer = ArrayBuffer::New(env->isolate(),
+                                         zero_fill_field,
+                                         sizeof(*zero_fill_field));
     auto name = FIXED_ONE_BYTE_STRING(env->isolate(), "zeroFill");
     auto value = Uint32Array::New(array_buffer, 0, 1);
     CHECK(binding_object->Set(env->context(), name, value).FromJust());