From fdb2125f6496423d15cd8c01c5b6061520ff2a7d Mon Sep 17 00:00:00 2001
From: Michael Dawson <midawson@redhat.com>
Date: Mon, 4 Dec 2023 17:30:18 +0000
Subject: [PATCH] src: fix double free reported by coverity

Fix double free reported by coverity. ToBufferEndian()
in ndoe_i18n.cc was the only caller of Buffer::New() passing
in a MaybeStackBuffer. Coverity reported a double free
because there were paths in which the src buffer would
be deleted by both the destruction of the MaybeStackBuffer and
by the Buffer which was done even in failure cases for
Buffer::New().

Signed-off-by: Michael Dawson <midawson@redhat.com>
---
 src/node_internals.h | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/node_internals.h b/src/node_internals.h
index 9a96e042fc5cda..f89b60a4a8835a 100644
--- a/src/node_internals.h
+++ b/src/node_internals.h
@@ -190,16 +190,12 @@ static v8::MaybeLocal<v8::Object> New(Environment* env,
   char* src = reinterpret_cast<char*>(buf->out());
   const size_t len_in_bytes = buf->length() * sizeof(buf->out()[0]);
 
-  if (buf->IsAllocated())
+  if (buf->IsAllocated()) {
     ret = New(env, src, len_in_bytes);
-  else if (!buf->IsInvalidated())
-    ret = Copy(env, src, len_in_bytes);
-
-  if (ret.IsEmpty())
-    return ret;
-
-  if (buf->IsAllocated())
+    // new always takes ownership of src
     buf->Release();
+  } else if (!buf->IsInvalidated())
+    ret = Copy(env, src, len_in_bytes);
 
   return ret;
 }