From 9ae2a27d44b7a22815a3d5de648b43eb4ec284c0 Mon Sep 17 00:00:00 2001
From: Antoine du Hamel
Date: Sun, 20 Dec 2020 12:59:44 +0100
Subject: [PATCH] buffer: make FastBuffer safe to construct
Using an explicit constructor is necessary to avoid relying on `Array.prototype[Symbol.iterator]` and `%ArrayIteratorPrototype%.next`, which can be mutated by users.
PR-URL: https://github.com/nodejs/node/pull/36587
Refs: https://github.com/nodejs/node/pull/36428
Refs: https://github.com/nodejs/node/pull/36532
Reviewed-By: Rich Trott
Reviewed-By: Luigi Pinca
---
 lib/internal/buffer.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/internal/buffer.js b/lib/internal/buffer.js
index c254a0277d15d9..dd27c15957f1ac 100644
--- a/lib/internal/buffer.js
+++ b/lib/internal/buffer.js
@@ -948,7 +948,14 @@ function writeFloatBackwards(val, offset = 0) {
 return offset;
 }
-class FastBuffer extends Uint8Array {}
+class FastBuffer extends Uint8Array {
+ // Using an explicit constructor here is necessary to avoid relying on
+ // `Array.prototype[Symbol.iterator]`, which can be mutated by users.
+ // eslint-disable-next-line no-useless-constructor
+ constructor(bufferOrLength, byteOffset, length) {
+ super(bufferOrLength, byteOffset, length);
+ }
+}
 function addBufferPrototypeMethods(proto) {
 proto.readBigUInt64LE = readBigUInt64LE;
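Review bot: The comment above the new `FastBuffer` constructor names only `Array.prototype[Symbol.iterator]`, while the commit message also lists `%ArrayIteratorPrototype%.next`, and neither explains why a class with an empty body depends on them. I would spell out the mechanism, for example `// The implicit derived constructor behaves like constructor(...args) { super(...args); }, and that spread goes through the user-mutable array iterator.` The diffstat shows only lib/internal/buffer.js changed, so no test in this patch pins the behaviour. A regression test that replaces `Array.prototype[Symbol.iterator]` before allocating a Buffer would stop a later cleanup of the lint-suppressed "useless" constructor from silently reintroducing the dependency.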