lib,src: reset zero fill flag on exception

[bnoordhuis]

R=@ChALkeR. I had to apply a small style fix-up to stop the linter from complaining.

I'm tagging this dont-land-on-anything but the test probably should be backported.

CI: https://ci.nodejs.org/job/node-test-pull-request/2891/

[jasnell]

LGTM.
@ChALkeR ... my apologies for missing the removal of the try/catch in the original PR. I saw the green CI and had incorrectly assumed that a test covering this was already being run.

[ChALkeR]

@bnoordhuis

I had to apply a small style fix-up to stop the linter from complaining.

If it's about missing ;, I believe I fixed that already in the original PR. If not — what was it?

[bnoordhuis]

Yes, the missing semicolon.

[ChALkeR]

Is an extra if needed here?

[bnoordhuis]

'Needed', no, but I added it for symmetry with the check above and because it saves a bounds check.

[ChALkeR]

@bnoordhuis Ah, that makes sense. Thanks!

[ChALkeR]

Originally, that code looked like

flags[kNoZeroFill] = noZeroFill ? 1 : 0;
try {
  const ui8 = new Uint8Array(size);
  Object.setPrototypeOf(ui8, Buffer.prototype);
  return ui8;
} finally {
  flags[kNoZeroFill] = 0;
}

That way, we can keep it const. It's not important, though.

LGTM, thanks!

[ChALkeR]

@jasnell It was my fault that the testcase was missing. I opened a separate issue to share my considerations about publishing testcases for security issues and to discuss how that should be done.

[ChALkeR]

Ah. @bnoordhuis, the first commit here misses a description.

dd67608 has an explanation why that try-finally was introduced.

[trevnorris]

is the .fill(0) just precautionary in case it hasn't been properly zero filled?

[ChALkeR]

This testcase ensures that typed arrays are zero filled, by comparing them to a typed array that is surely zero-filled.

If something breaks and typed arrays become non zero filled, then this testcase should fail. Without .fill(0) a change where this and following typed arrays become filled with equivalent garbage (e.g. with a constant number due to some of the previous tests) will slip through.

[trevnorris]

Sure. But

a change where this and following typed arrays become filled with equivalent garbage

the two allocations would need to be filled with exactly the same garbage, for several allocations. Though I see what you're getting at.

[trevnorris]

LGTM.

[RReverser]

Can't we just reset zero-flag here instead of delegating to JS side, right before the malloc so that allocation exception couldn't happen yet? This would lead to less changes + would avoid try-catch deopt in createBuffer.

[trevnorris]

That was my initial implementation. Problem is if new Uint8Array() for some reason throws it'll stay flipped.

[ChALkeR]

Not sure of that. try-finally also checks that no non-failing shortcuts (that return an empty array) result in the flag not being reset.

Do you have an example that passes the tests here?

[trevnorris]

@ChALkeR Are you addressing my comment? I'm saying I reset the bit in C++ and I believe you were the one that realized the bit can be flipped and remain flipped if the allocation fails.

[ChALkeR]

@trevnorris No, somewhy I didn't see your comment and was adressing @RReverser comment.

[bnoordhuis]

Landed with expanded commit log in 3549a5e...fea3070.