Check write/read Slice out of bounds

junderw · junderw · commit 5679a4b455dc · 2020-01-15T14:14:02.000+09:00
diff --git a/src/bufferutils.js b/src/bufferutils.js
@@ -67,6 +67,9 @@ class BufferWriter {
     this.offset += varuint.encode.bytes;
   }
   writeSlice(slice) {
+    if (this.buffer.length < this.offset + slice.length) {
+      throw new Error('Cannot write slice out of bounds');
+    }
     this.offset += slice.copy(this.buffer, this.offset);
   }
   writeVarSlice(slice) {
@@ -114,8 +117,12 @@ class BufferReader {
     return vi;
   }
   readSlice(n) {
+    if (this.buffer.length < this.offset + n) {
+      throw new Error('Cannot read slice out of bounds');
+    }
+    const result = this.buffer.slice(this.offset, this.offset + n);
     this.offset += n;
-    return this.buffer.slice(this.offset - n, this.offset);
+    return result;
   }
   readVarSlice() {
     return this.readSlice(this.readVarInt());
diff --git a/test/bufferutils.spec.ts b/test/bufferutils.spec.ts
@@ -209,6 +209,9 @@ describe('bufferutils', () => {
         testBuffer(bufferWriter, expectedBuffer, expectedOffset);
       });
       testBuffer(bufferWriter, expectedBuffer);
+      assert.throws(() => {
+        bufferWriter.writeSlice(Buffer.from([0, 0]));
+      }, /^Error: Cannot write slice out of bounds$/);
     });
 
     it('writeVarSlice', () => {
@@ -421,6 +424,9 @@ describe('bufferutils', () => {
         const val = bufferReader.readSlice(v.length);
         testValue(bufferReader, val, Buffer.from(v), expectedOffset);
       });
+      assert.throws(() => {
+        bufferReader.readSlice(2);
+      }, /^Error: Cannot read slice out of bounds$/);
     });
 
     it('readVarSlice', () => {
diff --git a/ts_src/bufferutils.ts b/ts_src/bufferutils.ts
@@ -78,6 +78,9 @@ export class BufferWriter {
   }
 
   writeSlice(slice: Buffer): void {
+    if (this.buffer.length < this.offset + slice.length) {
+      throw new Error('Cannot write slice out of bounds');
+    }
     this.offset += slice.copy(this.buffer, this.offset);
   }
 
@@ -131,8 +134,12 @@ export class BufferReader {
   }
 
   readSlice(n: number): Buffer {
+    if (this.buffer.length < this.offset + n) {
+      throw new Error('Cannot read slice out of bounds');
+    }
+    const result = this.buffer.slice(this.offset, this.offset + n);
     this.offset += n;
-    return this.buffer.slice(this.offset - n, this.offset);
+    return result;
   }
 
   readVarSlice(): Buffer {

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,9 @@ class BufferWriter {`
`67`	`67`	`this.offset += varuint.encode.bytes;`
`68`	`68`	`}`
`69`	`69`	`writeSlice(slice) {`
	`70`	`+ if (this.buffer.length < this.offset + slice.length) {`
	`71`	`+ throw new Error('Cannot write slice out of bounds');`
	`72`	`+ }`
`70`	`73`	`this.offset += slice.copy(this.buffer, this.offset);`
`71`	`74`	`}`
`72`	`75`	`writeVarSlice(slice) {`
`@@ -114,8 +117,12 @@ class BufferReader {`
`114`	`117`	`return vi;`
`115`	`118`	`}`
`116`	`119`	`readSlice(n) {`
	`120`	`+ if (this.buffer.length < this.offset + n) {`
	`121`	`+ throw new Error('Cannot read slice out of bounds');`
	`122`	`+ }`
	`123`	`+ const result = this.buffer.slice(this.offset, this.offset + n);`
`117`	`124`	`this.offset += n;`
`118`		`- return this.buffer.slice(this.offset - n, this.offset);`
	`125`	`+ return result;`
`119`	`126`	`}`
`120`	`127`	`readVarSlice() {`
`121`	`128`	`return this.readSlice(this.readVarInt());`
Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,9 @@ export class BufferWriter {`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`writeSlice(slice: Buffer): void {`
	`81`	`+ if (this.buffer.length < this.offset + slice.length) {`
	`82`	`+ throw new Error('Cannot write slice out of bounds');`
	`83`	`+ }`
`81`	`84`	`this.offset += slice.copy(this.buffer, this.offset);`
`82`	`85`	`}`
`83`	`86`
`@@ -131,8 +134,12 @@ export class BufferReader {`
`131`	`134`	`}`
`132`	`135`
`133`	`136`	`readSlice(n: number): Buffer {`
	`137`	`+ if (this.buffer.length < this.offset + n) {`
	`138`	`+ throw new Error('Cannot read slice out of bounds');`
	`139`	`+ }`
	`140`	`+ const result = this.buffer.slice(this.offset, this.offset + n);`
`134`	`141`	`this.offset += n;`
`135`		`- return this.buffer.slice(this.offset - n, this.offset);`
	`142`	`+ return result;`
`136`	`143`	`}`
`137`	`144`
`138`	`145`	`readVarSlice(): Buffer {`