Merge pull request #319 from XmiliaH/fix-318

Fix uninitialized buffer allocation
patriksimek · Apr 21, 2021 · 6fee336 · 6fee336
2 parents cc63160 + 8feb2ae
commit 6fee336
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/lib/contextify.js b/lib/contextify.js
@@ -618,6 +618,11 @@ Contextify.function = (fnc, traps, deepTraps, flags, mock) => {
 	let proxy;
 
 	base.apply = (target, context, args) => {
+		// Fixes buffer unsafe allocation for node v6/7
+		if (host.version < 8 && fnc === host.Buffer && 'number' === typeof args[0]) {
+			args[0] = new local.Array(args[0]).fill(0);
+		}
+
 		context = Decontextify.value(context);
 
 		// Set context of all arguments to host's context.
@@ -632,7 +637,7 @@ Contextify.function = (fnc, traps, deepTraps, flags, mock) => {
 	base.construct = (target, args, newTarget) => {
 		// Fixes buffer unsafe allocation for node v6/7
 		if (host.version < 8 && fnc === host.Buffer && 'number' === typeof args[0]) {
-			args[0] = new Array(args[0]).fill(0);
+			args[0] = new local.Array(args[0]).fill(0);
 		}
 
 		args = Decontextify.arguments(args);

diff --git a/test/vm.js b/test/vm.js
@@ -560,6 +560,21 @@ describe('VM', () => {
 		assert.strictEqual(vm2.run(`
 			class MyBuffer extends Buffer {}; MyBuffer.alloc(100).toString('hex');
 		`), '00'.repeat(100), '#4');
+
+		assert.strictEqual(vm2.run(`
+			new Buffer(100).toString('hex');
+		`), '00'.repeat(100), '#5');
+
+		if (NODE_VERSION < 8) {
+			assert.strictEqual(vm2.run(`
+				Buffer(100).toString('hex');
+			`), '00'.repeat(100), '#6');
+		}
+
+		assert.strictEqual(vm2.run(`
+			class MyBuffer2 extends Buffer {}; new MyBuffer2(100).toString('hex');
+		`), '00'.repeat(100), '#7');
+
 	});
 
 	it('instanceof attack', () => {