buffer: ensure zero-fill for Buffer.alloc(size,'')v4.x

This is applicable to v4.x only. Native Fill method is called from Buffer.alloc and from Buffer#fill, the second one is not affected by this, as Buffer#fill only calls the native method on either numbers as the second argument or non-zero-length strings. Fixes: https://github.com/nodejs-private/security/issues/192 PR-URL: https://github.com/nodejs-private/node-private/pull/118 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> Reviewed-By: Timothy Gu <timothygu99@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
author: Сковорода Никита Андреевич <chalkerx@gmail.com> 2018-04-24 07:03:19 +0300
committer: Сковорода Никита Андреевич <chalkerx@gmail.com> 2018-06-20 17:56:21 +0300
commit: 9e5fe8eebd31c3998702f3b174058b6cd3154970 (patch)
tree: ddedd612b9f570054e2bb855f4e9ac6ad3a28b3f /src
parent: 215b42132b508561140ca2902c38822b9155db64 (diff)
download: node-new-v4.x.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/node_buffer.cc b/src/node_buffer.cc
index 11317328a6..2503274446 100644
--- a/src/node_buffer.cc
+++ b/src/node_buffer.cc
@@ -612,8 +612,10 @@ void Fill(const FunctionCallbackInfo<Value>& args) {
   size_t in_there = str_length;
   char* ptr = ts_obj_data + start + str_length;
 
-  if (str_length == 0)
+  if (str_length == 0) {
+    memset(ts_obj_data + start, 0, length);
     return;
+  }
 
   memcpy(ts_obj_data + start, *str, MIN(str_length, length));
author	Сковорода Никита Андреевич <chalkerx@gmail.com>	2018-04-24 07:03:19 +0300
committer	Сковорода Никита Андреевич <chalkerx@gmail.com>	2018-06-20 17:56:21 +0300
commit	9e5fe8eebd31c3998702f3b174058b6cd3154970 (patch)
tree	ddedd612b9f570054e2bb855f4e9ac6ad3a28b3f /src
parent	215b42132b508561140ca2902c38822b9155db64 (diff)
download	node-new-v4.x.tar.gz