src: remove TOCTOU race condition when encoding SAB-backed Buffers #63517

Open

aduh95 wants to merge 2 commits into nodejs:main from aduh95:toctou-string-encode

Conversation

aduh95 (Contributor) commented May 23, 2026

If the BufferView is backed by a SharedArrayBuffer, we want to copy the content before passing it to String::Encode in case the data is mutated in a different thread.

Otherwise the validate_utf8 and convert_valid_utf8_to_utf16 might get bytes, leading to undefined behavior

node/src/string_bytes.cc

Lines 585 to 600 in e209dbe

```cpp
if (buflen >= 32 && simdutf::validate_utf8(buf, buflen)) {
  // We know that we are non-ASCII (and are unlikely Latin1), use 2-byte
  // In the most likely case of valid UTF-8, we can use this fast impl
  // For very short input, it is slower, so we limit min size
  size_t u16size = simdutf::utf16_length_from_utf8(buf, buflen);
  if (u16size > static_cast<size_t>(v8::String::kMaxLength)) {
    isolate->ThrowException(ERR_STRING_TOO_LONG(isolate));
    return MaybeLocal<Value>();
  }
  return EncodeTwoByteString(
      isolate, u16size, [buf, buflen, u16size](uint16_t* dst) {
        size_t written = simdutf::convert_valid_utf8_to_utf16(
            buf, buflen, reinterpret_cast<char16_t*>(dst));
        CHECK_EQ(written, u16size);
      });
}
```

Refs: https://hackerone.com/reports/3752489

Signed-off-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
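The snapshot-before-validate pattern the PR describes, as an added example that is not code from the PR or from Node.js. The real fast path validates with `simdutf::validate_utf8` and then converts with `simdutf::convert_valid_utf8_to_utf16`, which trusts its input; if a second thread rewrites a SharedArrayBuffer between those two calls, the converter performs unchecked reads on bytes that were never validated. The example below stands in small hand-written UTF-8 helpers for simdutf (an assumption, so it builds without the library), keeps the converter deliberately trusting like the real one, and shows the fix: copy shared-memory-backed bytes into a private buffer before the validate/convert pair so both steps see identical data. `EncodeUtf8ToUtf16`, `backed_by_sab` and the sample byte arrays are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Stand-in for simdutf::validate_utf8 (assumption: simdutf is not linked here).
// Accepts only well-formed UTF-8: no overlongs, no surrogates, nothing above U+10FFFF.
bool ValidateUtf8(const uint8_t* buf, size_t len) {
  size_t i = 0;
  while (i < len) {
    uint8_t b = buf[i];
    if (b < 0x80) { ++i; continue; }
    size_t trail;
    uint32_t cp;
    if ((b & 0xE0) == 0xC0) {                // 2-byte lead; 0xC0/0xC1 are overlong
      if (b < 0xC2) return false;
      trail = 1; cp = b & 0x1F;
    } else if ((b & 0xF0) == 0xE0) {         // 3-byte lead
      trail = 2; cp = b & 0x0F;
    } else if ((b & 0xF8) == 0xF0) {         // 4-byte lead; > 0xF4 exceeds U+10FFFF
      if (b > 0xF4) return false;
      trail = 3; cp = b & 0x07;
    } else {
      return false;                          // stray continuation byte or 0xF8..0xFF
    }
    if (i + trail >= len) return false;      // sequence cut off by end of buffer
    for (size_t k = 1; k <= trail; ++k) {
      uint8_t c = buf[i + k];
      if ((c & 0xC0) != 0x80) return false;
      cp = (cp << 6) | (c & 0x3F);
    }
    if (trail == 2 && (cp < 0x800 || (cp >= 0xD800 && cp <= 0xDFFF))) return false;
    if (trail == 3 && (cp < 0x10000 || cp > 0x10FFFF)) return false;
    i += trail + 1;
  }
  return true;
}

// Stand-in for simdutf::utf16_length_from_utf8: one unit per lead byte, two for 4-byte leads.
size_t Utf16LengthFromUtf8(const uint8_t* buf, size_t len) {
  size_t n = 0;
  for (size_t i = 0; i < len; ++i) {
    if ((buf[i] & 0xC0) == 0x80) continue;   // continuation byte, already counted
    n += (buf[i] >= 0xF0) ? 2 : 1;
  }
  return n;
}

// Stand-in for simdutf::convert_valid_utf8_to_utf16. Like the real function it TRUSTS
// that the bytes were validated: continuation bytes are read with no bounds or shape
// checks. Bytes mutated by another thread after validation make these reads undefined.
size_t ConvertValidUtf8ToUtf16(const uint8_t* buf, size_t len, char16_t* dst) {
  size_t i = 0, out = 0;
  while (i < len) {
    uint8_t b = buf[i];
    if (b < 0x80) {
      dst[out++] = static_cast<char16_t>(b); i += 1;
    } else if (b < 0xE0) {
      dst[out++] = static_cast<char16_t>(((b & 0x1F) << 6) | (buf[i + 1] & 0x3F)); i += 2;
    } else if (b < 0xF0) {
      dst[out++] = static_cast<char16_t>(((b & 0x0F) << 12) | ((buf[i + 1] & 0x3F) << 6) |
                                         (buf[i + 2] & 0x3F)); i += 3;
    } else {
      uint32_t cp = ((b & 0x07) << 18) | ((buf[i + 1] & 0x3F) << 12) |
                    ((buf[i + 2] & 0x3F) << 6) | (buf[i + 3] & 0x3F);
      cp -= 0x10000;                          // encode as a UTF-16 surrogate pair
      dst[out++] = static_cast<char16_t>(0xD800 + (cp >> 10));
      dst[out++] = static_cast<char16_t>(0xDC00 + (cp & 0x3FF)); i += 4;
    }
  }
  return out;
}

// The fix: when the view is backed by a SharedArrayBuffer, snapshot the bytes first so
// validation and conversion operate on the same immutable copy. Returns false when the
// (snapshotted) bytes are not valid UTF-8, i.e. the fast path must not be taken.
bool EncodeUtf8ToUtf16(const uint8_t* view, size_t len, bool backed_by_sab,
                       std::u16string* out) {
  std::vector<uint8_t> snapshot;
  const uint8_t* buf = view;
  if (backed_by_sab) {
    snapshot.assign(view, view + len);       // private copy no other thread can touch
    buf = snapshot.data();
  }
  if (!ValidateUtf8(buf, len)) return false;
  size_t u16size = Utf16LengthFromUtf8(buf, len);
  out->assign(u16size, u'\0');
  char16_t* dst = u16size ? &(*out)[0] : nullptr;
  size_t written = ConvertValidUtf8ToUtf16(buf, len, dst);
  return written == u16size;                 // mirrors the CHECK_EQ in the snippet above
}

// Constructed sample (not data from the page): "héllo" followed by U+1F600 as UTF-8.
static const uint8_t kSample[] = {0x68, 0xC3, 0xA9, 0x6C, 0x6C, 0x6F, 0xF0, 0x9F, 0x98, 0x80};
// Constructed sample: a 3-byte sequence cut off after its first continuation byte.
static const uint8_t kTruncated[] = {0x68, 0xE2, 0x82};

// Encodes kSample through the shared-buffer path; returns the UTF-16 unit count (7), or 0 on failure.
size_t SampleUnitCount() {
  std::u16string s;
  return EncodeUtf8ToUtf16(kSample, sizeof kSample, true, &s) ? s.size() : 0;
}
// Returns the UTF-16 unit at index i of the encoded sample, or 0xFFFF if out of range.
uint16_t SampleUnitAt(size_t i) {
  std::u16string s;
  if (!EncodeUtf8ToUtf16(kSample, sizeof kSample, true, &s) || i >= s.size()) return 0xFFFF;
  return static_cast<uint16_t>(s[i]);
}
// Truncated input must be rejected before the trusting converter ever runs.
bool TruncatedIsRejected() {
  std::u16string s;
  return !EncodeUtf8ToUtf16(kTruncated, sizeof kTruncated, true, &s);
}
```

The copy costs one memcpy per SAB-backed encode, but it is what makes the `CHECK_EQ(written, u16size)` in the real code a meaningful invariant rather than a race: `u16size` and `written` are now computed from the same bytes. Non-shared ArrayBuffers are single-thread-owned and skip the copy.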
@nodejs-github-bot nodejs-github-bot added buffer Issues and PRs related to the buffer subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels May 23, 2026
codecov Bot commented May 23, 2026

Codecov Report

❌ Patch coverage is 77.77778% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.13%. Comparing base (ca37665) to head (dc2be31).
⚠️ Report is 12 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/node_buffer.cc | 60.00% | 0 Missing and 6 partials ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #63517      +/-   ##
==========================================
+ Coverage   90.12%   90.13%   +0.01%     
==========================================
  Files         718      718              
  Lines      227911   228418     +507     
  Branches    42813    42938     +125     
==========================================
+ Hits       205404   205889     +485     
+ Misses      14288    14273      -15     
- Partials     8219     8256      +37     
| Files with missing lines | Coverage Δ |
|---|---|
| src/encoding_binding.cc | 54.08% <100.00%> (+1.16%) ⬆️ |
| src/node_buffer.cc | 68.64% <60.00%> (+0.17%) ⬆️ |

... and 85 files with indirect coverage changes


@aduh95 aduh95 added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels May 23, 2026
@github-actions github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label May 23, 2026
3 participants