buffer: Prevent Buffer constructor deopt

The Buffer constructor will generally get inlined, but any call to the Buffer constructor for a string without encoding will cause an eager deoptimization of any function that inlined the Buffer constructor. This is due to a an out-of-bounds read on `arguments[1]`. This change prevents that deopt. PR-URL: #4158 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Trevor Norris <[email protected]> Reviewed-By: Minwoo Jung <[email protected]>
nodejs · Dec 8, 2015 · e3a8e8b · e3a8e8b
1 parent 9e9346f
commit e3a8e8b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/buffer.js b/lib/buffer.js
@@ -40,7 +40,7 @@ function alignPool() {
 }
 
 
-function Buffer(arg) {
+function Buffer(arg, encoding) {
   // Common case.
   if (typeof arg === 'number') {
     // If less than zero, or NaN.
@@ -51,7 +51,7 @@ function Buffer(arg) {
 
   // Slightly less common case.
   if (typeof arg === 'string') {
-    return fromString(arg, arguments[1]);
+    return fromString(arg, encoding);
   }
 
   // Unusual.