From: Dmitry Volyntsev <xeioex@nginx.com>
Date: Fri, 17 Sep 2021 18:29:40 +0000 (+0000)
Subject: Fixed njs_buffer_slot().
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=5279e0e800ef0812b108a75afb460e96f0fc0f98;p=njs.git

Fixed njs_buffer_slot().

Previously, njs_buffer_slot() might return NULL value without setting
corresponding exception where user code expects it.

In addition the function is split into two functions.  The internal one
does not set anything to vm->retval.  This function has to be used by
property handlers, because they are expected not to modify vm->retval.
---

diff --git a/src/njs_buffer.c b/src/njs_buffer.c
index 86a0b93b..2c47657c 100644
--- a/src/njs_buffer.c
+++ b/src/njs_buffer.c
@@ -572,30 +572,36 @@ njs_buffer_byte_length(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 
 
 static njs_typed_array_t *
-njs_buffer_slot(njs_vm_t *vm, njs_value_t *value, const char *name)
+njs_buffer_slot_internal(njs_vm_t *vm, njs_value_t *value)
 {
     njs_typed_array_t  *array;
 
-    if (njs_slow_path(!njs_is_object(value))) {
-        goto failed;
+    if (njs_is_object(value)) {
+        array = njs_object_proto_lookup(njs_object(value), NJS_TYPED_ARRAY,
+                                        njs_typed_array_t);
+
+        if (array != NULL && array->type == NJS_OBJ_TYPE_UINT8_ARRAY) {
+            return array;
+        }
     }
 
-    array = njs_object_proto_lookup(njs_object(value), NJS_TYPED_ARRAY,
-                                    njs_typed_array_t);
+    return NULL;
+}
 
-    if (njs_slow_path(array != NULL
-                      && array->type != NJS_OBJ_TYPE_UINT8_ARRAY))
-    {
-        goto failed;
-    }
 
-    return array;
+static njs_typed_array_t *
+njs_buffer_slot(njs_vm_t *vm, njs_value_t *value, const char *name)
+{
+    njs_typed_array_t  *array;
 
-failed:
+    array = njs_buffer_slot_internal(vm, value);
+    if (njs_slow_path(array == NULL)) {
+        njs_type_error(vm, "\"%s\" argument must be an instance "
+                           "of Buffer or Uint8Array", name);
+        return NULL;
+    }
 
-    njs_type_error(vm, "\"%s\" argument must be an instance "
-                       "of Buffer or Uint8Array", name);
-    return NULL;
+    return array;
 }
 
 
@@ -902,7 +908,7 @@ njs_buffer_prototype_length(njs_vm_t *vm, njs_object_prop_t *prop,
 {
     njs_typed_array_t  *array;
 
-    array = njs_buffer_slot(vm, value, "this");
+    array = njs_buffer_slot_internal(vm, value);
     if (njs_slow_path(array == NULL)) {
         njs_set_undefined(retval);
         return NJS_DECLINED;
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index 5dd2318c..72d01817 100644
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
@@ -19538,6 +19538,12 @@ static njs_unit_test_t  njs_test[] =
               "})"),
       njs_str("true") },
 
+    { njs_str("Buffer.from([1,2]).equals(new ArrayBuffer(1))"),
+      njs_str("TypeError: \"target\" argument must be an instance of Buffer or Uint8Array") },
+
+    { njs_str("Buffer.from([1,2]).equals(1)"),
+      njs_str("TypeError: \"target\" argument must be an instance of Buffer or Uint8Array") },
+
     { njs_str("var buf = Buffer.alloc(4);"
               "buf.fill('ZXZpbA==', 'base64')"),
       njs_str("evil") },