src: fix limit calculation

Coverity reported that the use of sizeof along with pointer arithmetic was likely an error as the pointer arithmetic would already be accounting for the size of what the pointer points to. Looking at the code that looked right but removing the extra sizeOf caused tests to fail. Looking more closely it seems like we were not allocating a big enough buffer but the extra sizeof was allowing us to convert even though it might have been corrupting memory. Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #41026 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
nodejs · Dec 13, 2021 · 07f5782 · 07f5782
1 parent a8cb89e
commit 07f5782
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/src/node_i18n.cc b/src/node_i18n.cc
@@ -447,8 +447,9 @@ void ConverterObject::Decode(const FunctionCallbackInfo<Value>& args) {
 
   // When flushing the final chunk, the limit is the maximum
   // of either the input buffer length or the number of pending
-  // characters times the min char size.
-  size_t limit = converter->min_char_size() *
+  // characters times the min char size, multiplied by 2 as unicode may
+  // take up to 2 UChars to encode a character
+  size_t limit = 2 * converter->min_char_size() *
       (!flush ?
           input.length() :
           std::max(
@@ -474,7 +475,7 @@ void ConverterObject::Decode(const FunctionCallbackInfo<Value>& args) {
   UChar* target = *result;
   ucnv_toUnicode(converter->conv(),
                  &target,
-                 target + (limit * sizeof(UChar)),
+                 target + limit,
                  &source,
                  source + source_length,
                  nullptr,