From 2cad7a69ce3228b1e40f3bf8117ca739a5d6929d Mon Sep 17 00:00:00 2001
From: Trevor Norris <trev.norris@gmail.com>
Date: Mon, 20 May 2013 14:37:55 -0700
Subject: buffer: throw when writing beyond buffer

Previously one could write anywhere in a buffer pool if they accidently
got their offset wrong. Mainly because the cc level checks only test
against the parent slow buffer and not against the js object properties.
So now we check to make sure values won't go beyond bounds without
letting the dev know.
---
 lib/buffer.js | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib')

diff --git a/lib/buffer.js b/lib/buffer.js
index c75dbc93a8..000c54b3a8 100644
--- a/lib/buffer.js
+++ b/lib/buffer.js
@@ -339,6 +339,9 @@ Buffer.prototype.write = function(string, offset, length, encoding) {
   }
   encoding = String(encoding || 'utf8').toLowerCase();
 
+  if (string.length > 0 && (length < 0 || offset < 0))
+    throw new RangeError('attempt to write beyond buffer bounds');
+
   var ret;
   switch (encoding) {
     case 'hex':
-- 
cgit v1.2.3