buffer: use stricter from() input validation

So far we did not throw an error for all types of invalid input. Functions do not return a buffer anymore and `number` and `symbol` validation is also improved. PR-URL: #26825 Fixes: #26741 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
nodejs · Mar 30, 2019 · 75eaf25 · 75eaf25
1 parent ef0701d
commit 75eaf25
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 59 deletions.
diff --git a/lib/buffer.js b/lib/buffer.js
@@ -195,33 +195,23 @@ Buffer.from = function from(value, encodingOrOffset, length) {
  if (typeof value === 'string')
  return fromString(value, encodingOrOffset);
 
- if (isAnyArrayBuffer(value))
- return fromArrayBuffer(value, encodingOrOffset, length);
+ if (typeof value === 'object' && value !== null) {
+ if (isAnyArrayBuffer(value))
+ return fromArrayBuffer(value, encodingOrOffset, length);
 
- if (value === null || value === undefined) {
- throw new ERR_INVALID_ARG_TYPE(
- 'first argument',
- ['string', 'Buffer', 'ArrayBuffer', 'Array', 'Array-like Object'],
- value
- );
- }
-
- if (typeof value === 'number') {
- throw new ERR_INVALID_ARG_TYPE('value', 'not number', value);
- }
+ const valueOf = value.valueOf && value.valueOf();
+ if (valueOf !== null && valueOf !== undefined && valueOf !== value)
+ return Buffer.from(valueOf, encodingOrOffset, length);
 
- const valueOf = value.valueOf && value.valueOf();
- if (valueOf !== null && valueOf !== undefined && valueOf !== value)
- return Buffer.from(valueOf, encodingOrOffset, length);
-
- const b = fromObject(value);
- if (b)
- return b;
+ const b = fromObject(value);
+ if (b)
+ return b;
 
- if (typeof value[Symbol.toPrimitive] === 'function') {
- return Buffer.from(value[Symbol.toPrimitive]('string'),
- encodingOrOffset,
- length);
+ if (typeof value[Symbol.toPrimitive] === 'function') {
+ return Buffer.from(value[Symbol.toPrimitive]('string'),
+ encodingOrOffset,
+ length);
+ }
  }
 
  throw new ERR_INVALID_ARG_TYPE(

diff --git a/test/parallel/test-buffer-bad-overload.js b/test/parallel/test-buffer-bad-overload.js
diff --git a/test/parallel/test-buffer-from.js b/test/parallel/test-buffer-from.js
@@ -1,6 +1,6 @@
 'use strict';
 
-const common = require('../common');
+require('../common');
 const { deepStrictEqual, throws } = require('assert');
 const { runInNewContext } = require('vm');
 
@@ -40,27 +40,25 @@ deepStrictEqual(
  [{ valueOf() { return null; } }, 'object'],
  [{ valueOf() { return undefined; } }, 'object'],
  [{ valueOf: null }, 'object'],
- [Object.create(null), 'object']
+ [Object.create(null), 'object'],
+ [new Number(true), 'number'],
+ [new MyBadPrimitive(), 'number'],
+ [Symbol(), 'symbol'],
+ [5n, 'bigint'],
+ [(one, two, three) => {}, 'function'],
+ [undefined, 'undefined'],
+ [null, 'object']
 ].forEach(([input, actualType]) => {
- const err = common.expectsError({
+ const errObj = {
  code: 'ERR_INVALID_ARG_TYPE',
- type: TypeError,
+ name: 'TypeError',
  message: 'The first argument must be one of type string, Buffer, ' +
  'ArrayBuffer, Array, or Array-like Object. Received ' +
  `type ${actualType}`
- });
- throws(() => Buffer.from(input), err);
+ };
+ throws(() => Buffer.from(input), errObj);
+ throws(() => Buffer.from(input, 'hex'), errObj);
 });
 
-[
- new Number(true),
- new MyBadPrimitive()
-].forEach((input) => {
- const errMsg = common.expectsError({
- code: 'ERR_INVALID_ARG_TYPE',
- type: TypeError,
- message: 'The "value" argument must not be of type number. ' +
- 'Received type number'
- });
- throws(() => Buffer.from(input), errMsg);
-});
+Buffer.allocUnsafe(10); // Should not throw.
+Buffer.from('deadbeaf', 'hex'); // Should not throw.