buffer: segfault writing values with noAssert=true
Reported by @guidovranken.
Test case:
$ gdb --args ./out/Release/node -e 'new Buffer(10).writeFloatBE(1, 0xFFFFFFFF-1000, 1);'
Reading symbols from ./out/Release/node...done.
(gdb) run
# <elided>
Thread 1 "node" received signal SIGSEGV, Segmentation fault.
0x00007ffff6be36be in __memcpy_sse2_unaligned () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install libgcc-6.1.1-3.fc24.x86_64 libstdc++-6.1.1-3.fc24.x86_64
(gdb) backtrace 5
#0 0x00007ffff6be36be in __memcpy_sse2_unaligned () from /lib64/libc.so.6
#1 0x00000000012cf00c in void node::Buffer::WriteFloatGeneric<float, (node::Endianness)1>(v8::FunctionCallbackInfo<v8::Value> const&) ()
#2 0x0000000000a129dd in v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) ()
#3 0x0000000000a882b8 in v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) ()
#4 0x0000000000a88fcd in v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) ()
The documentation says this:
`offset` {Integer} Where to start writing. Must satisfy: `0 <= offset <= buf.length - 4`
`noAssert` {Boolean} Skip `value` and `offset` validation? **Default:** `false`
IOW, it's technically allowed for node.js to crash but whether that's actually a good idea is something reasonable people can disagree on. Anyone have opinions on either:
- Removing `noAssert`; i.e., always checking the inputs, or
- Skipping out-of-bounds reads and writes?
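For reference, here is what the two options above look like when written out against the documented contract (`0 <= offset <= buf.length - 4`). This is an added illustration, not code from this issue or from the Node.js source tree; the function names `validateFloatOffset`, `checkedWriteFloatBE`, `skippingWriteFloatBE` and `demo` are made up for it, and the inputs are constructed to mirror the crashing test case (a 10-byte buffer and the offset `0xFFFFFFFF - 1000`). The first option validates and throws a `RangeError` before anything is handed to `memcpy`; the second silently skips the write and returns the offset unchanged so the caller can tell that nothing happened.

```javascript
// Added example (not Node.js project code): the offset validation that the
// quoted documentation describes, applied before the native write so that a
// bad offset is reported or skipped instead of reaching memcpy.
// Assumed names: validateFloatOffset, checkedWriteFloatBE, skippingWriteFloatBE
// and demo are invented for this illustration.

const FLOAT_BYTES = 4;

// True when `offset` satisfies the documented contract for a 4-byte write:
// an integer with 0 <= offset <= buf.length - 4. The integer test also
// rejects NaN, Infinity and fractional offsets.
function validateFloatOffset(buf, offset) {
  return Number.isInteger(offset) &&
         offset >= 0 &&
         offset <= buf.length - FLOAT_BYTES;
}

// Option 1 from the issue: always check the inputs and throw on a bad offset.
function checkedWriteFloatBE(buf, value, offset) {
  if (!validateFloatOffset(buf, offset)) {
    throw new RangeError(
      `offset ${offset} is out of range for a ${FLOAT_BYTES}-byte write into a ` +
      `${buf.length}-byte buffer (need 0 <= offset <= ${buf.length - FLOAT_BYTES})`);
  }
  return buf.writeFloatBE(value, offset); // returns offset + 4
}

// Option 2 from the issue: skip an out-of-bounds write instead of performing it.
// Returns the offset unchanged so a caller can detect that nothing was written.
function skippingWriteFloatBE(buf, value, offset) {
  if (!validateFloatOffset(buf, offset)) return offset;
  return buf.writeFloatBE(value, offset);
}

// Constructed inputs mirroring the report: a 10-byte buffer and the offset
// 0xFFFFFFFF - 1000 from the crashing test case.
function demo() {
  const buf = Buffer.alloc(10);
  const badOffset = 0xFFFFFFFF - 1000;
  const results = {
    inRange: validateFloatOffset(buf, 6),          // true: 6 <= 10 - 4
    oneTooFar: validateFloatOffset(buf, 7),        // false: 7 > 6
    negative: validateFloatOffset(buf, -1),        // false
    nonInteger: validateFloatOffset(buf, 1.5),     // false
    reported: validateFloatOffset(buf, badOffset), // false
    skipped: skippingWriteFloatBE(buf, 1, badOffset) === badOffset, // true, nothing written
    checkedThrew: false,
    written: checkedWriteFloatBE(buf, 1, 0),       // 4: in-range write succeeds
  };
  try {
    checkedWriteFloatBE(buf, 1, badOffset);
  } catch (e) {
    results.checkedThrew = e instanceof RangeError;
  }
  results.bytes = buf.toString('hex'); // big-endian 1.0 is 0x3f800000, rest untouched
  return results;
}

console.log(demo());
```

The validator is shared on purpose: whichever policy is chosen, the range check is the same, and keeping it in one place means the throwing and skipping variants cannot drift apart.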