Skip to content

Commit

Permalink
buffer: Prevent Buffer constructor deopt
Browse files Browse the repository at this point in the history
The Buffer constructor will generally get inlined, but any call to the Buffer
constructor for a string without encoding will cause an eager deoptimization
of any function that inlined the Buffer constructor. This is due to a an
out-of-bounds read on `arguments[1]`. This change prevents that deopt.

PR-URL: #4158
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
  • Loading branch information
brycebaril authored and Myles Borins committed Jan 19, 2016
1 parent c5f71ac commit c6dc2a1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/buffer.js
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ function alignPool() {
}


function Buffer(arg) {
function Buffer(arg, encoding) {
// Common case.
if (typeof arg === 'number') {
// If less than zero, or NaN.
Expand All @@ -51,7 +51,7 @@ function Buffer(arg) {

// Slightly less common case.
if (typeof arg === 'string') {
return fromString(arg, arguments[1]);
return fromString(arg, encoding);
}

// Unusual.
Expand Down

0 comments on commit c6dc2a1

Please sign in to comment.