From 54f24fb5bc410ef3517f70497fd917f750adbd77 Mon Sep 17 00:00:00 2001
From: Michael Dawson <mdawson@devrus.com>
Date: Mon, 29 Nov 2021 17:59:49 -0500
Subject: [PATCH] src: fix limit calculation

Coverity reported that the use of sizeof along with pointer
arithmetic was likely an error as the pointer arithmetic
would already be accounting for the size of what the
pointer points to.

Looking at the code that looked right but removing the
extra sizeOf caused tests to fail.

Looking more closely it seems like we were not allocating
a big enough buffer but the extra sizeof was allowing
us to convert even though it might have been corrupting
memory.

Signed-off-by: Michael Dawson <mdawson@devrus.com>
---
 src/node_i18n.cc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/node_i18n.cc b/src/node_i18n.cc
index b1b3f5d1749a4f..c537a247f55ff0 100644
--- a/src/node_i18n.cc
+++ b/src/node_i18n.cc
@@ -447,8 +447,9 @@ void ConverterObject::Decode(const FunctionCallbackInfo<Value>& args) {
 
   // When flushing the final chunk, the limit is the maximum
   // of either the input buffer length or the number of pending
-  // characters times the min char size.
-  size_t limit = converter->min_char_size() *
+  // characters times the min char size, multiplied by 2 as unicode may
+  // take up to 2 UChars to encode a character
+  size_t limit = 2 * converter->min_char_size() *
       (!flush ?
           input.length() :
           std::max(
@@ -474,7 +475,7 @@ void ConverterObject::Decode(const FunctionCallbackInfo<Value>& args) {
   UChar* target = *result;
   ucnv_toUnicode(converter->conv(),
                  &target,
-                 target + (limit * sizeof(UChar)),
+                 target + limit,
                  &source,
                  source + source_length,
                  nullptr,