From bb99f31f30e10d92036a7cc0000cecd5a0c9e017 Mon Sep 17 00:00:00 2001
From: Jinho Bang <zino@chromium.org>
Date: Tue, 26 Dec 2017 23:20:39 +0900
Subject: [PATCH] n-api: throw RangeError in napi_create_dataview() with
 invalid range

The API is required that `byte_length + byte_offset` is less than or
equal to the size in bytes of the array passed in. If not, a RangeError
exception is raised[1].

[1] https://nodejs.org/api/n-api.html#n_api_napi_create_dataview

Backport-PR-URL: https://github.com/nodejs/node/pull/19447
PR-URL: https://github.com/nodejs/node/pull/17869
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 src/node_api.cc                               |  8 +++
 test/addons-napi/test_dataview/test.js        | 22 +++++---
 .../addons-napi/test_dataview/test_dataview.c | 52 ++++++++++++++++++-
 3 files changed, 75 insertions(+), 7 deletions(-)

diff --git a/src/node_api.cc b/src/node_api.cc
index b3334c486edc14..54ed3dba887abc 100644
--- a/src/node_api.cc
+++ b/src/node_api.cc
@@ -3264,6 +3264,14 @@ napi_status napi_create_dataview(napi_env env,
   RETURN_STATUS_IF_FALSE(env, value->IsArrayBuffer(), napi_invalid_arg);
 
   v8::Local<v8::ArrayBuffer> buffer = value.As<v8::ArrayBuffer>();
+  if (byte_length + byte_offset > buffer->ByteLength()) {
+    napi_throw_range_error(
+        env,
+        "ERR_NAPI_INVALID_DATAVIEW_ARGS",
+        "byte_offset + byte_length should be less than or "
+        "equal to the size in bytes of the array passed in");
+    return napi_set_last_error(env, napi_pending_exception);
+  }
   v8::Local<v8::DataView> DataView = v8::DataView::New(buffer, byte_offset,
                                                        byte_length);
 
diff --git a/test/addons-napi/test_dataview/test.js b/test/addons-napi/test_dataview/test.js
index 711ab01ddb3cb6..a6be58494069e5 100644
--- a/test/addons-napi/test_dataview/test.js
+++ b/test/addons-napi/test_dataview/test.js
@@ -5,10 +5,20 @@ const assert = require('assert');
 // Testing api calls for arrays
 const test_dataview = require(`./build/${common.buildType}/test_dataview`);
 
-//create dataview
-const buffer = new ArrayBuffer(128);
-const template = Reflect.construct(DataView, [buffer]);
+// Test for creating dataview
+{
+  const buffer = new ArrayBuffer(128);
+  const template = Reflect.construct(DataView, [buffer]);
 
-const theDataview = test_dataview.CreateDataView(template);
-assert.ok(theDataview instanceof DataView,
-          `Expect ${theDataview} to be a DataView`);
+  const theDataview = test_dataview.CreateDataViewFromJSDataView(template);
+  assert.ok(theDataview instanceof DataView,
+            `Expect ${theDataview} to be a DataView`);
+}
+
+// Test for creating dataview with invalid range
+{
+  const buffer = new ArrayBuffer(128);
+  assert.throws(() => {
+    test_dataview.CreateDataView(buffer, 10, 200);
+  }, RangeError);
+}
diff --git a/test/addons-napi/test_dataview/test_dataview.c b/test/addons-napi/test_dataview/test_dataview.c
index 698ea0bf509856..d65b30efb26a6a 100644
--- a/test/addons-napi/test_dataview/test_dataview.c
+++ b/test/addons-napi/test_dataview/test_dataview.c
@@ -3,6 +3,53 @@
 #include "../common.h"
 
 napi_value CreateDataView(napi_env env, napi_callback_info info) {
+  size_t argc = 3;
+  napi_value args [3];
+  NAPI_CALL(env, napi_get_cb_info(env, info, &argc, args, NULL, NULL));
+
+  NAPI_ASSERT(env, argc == 3, "Wrong number of arguments");
+
+  napi_valuetype valuetype0;
+  napi_value arraybuffer = args[0];
+
+  NAPI_CALL(env, napi_typeof(env, arraybuffer, &valuetype0));
+  NAPI_ASSERT(env, valuetype0 == napi_object,
+              "Wrong type of arguments. Expects a ArrayBuffer as the first "
+              "argument.");
+
+  bool is_arraybuffer;
+  NAPI_CALL(env, napi_is_arraybuffer(env, arraybuffer, &is_arraybuffer));
+  NAPI_ASSERT(env, is_arraybuffer,
+              "Wrong type of arguments. Expects a ArrayBuffer as the first "
+              "argument.");
+
+  napi_valuetype valuetype1;
+  NAPI_CALL(env, napi_typeof(env, args[1], &valuetype1));
+
+  NAPI_ASSERT(env, valuetype1 == napi_number,
+      "Wrong type of arguments. Expects a number as second argument.");
+
+  size_t byte_offset = 0;
+  NAPI_CALL(env, napi_get_value_uint32(env, args[1], (uint32_t*)(&byte_offset)));
+
+  napi_valuetype valuetype2;
+  NAPI_CALL(env, napi_typeof(env, args[2], &valuetype2));
+
+  NAPI_ASSERT(env, valuetype2 == napi_number,
+      "Wrong type of arguments. Expects a number as third argument.");
+
+  size_t length = 0;
+  NAPI_CALL(env, napi_get_value_uint32(env, args[2], (uint32_t*)(&length)));
+
+  napi_value output_dataview;
+  NAPI_CALL(env,
+            napi_create_dataview(env, length, arraybuffer,
+                                 byte_offset, &output_dataview));
+
+  return output_dataview;
+}
+
+napi_value CreateDataViewFromJSDataView(napi_env env, napi_callback_info info) {
   size_t argc = 1;
   napi_value args [1];
   NAPI_CALL(env, napi_get_cb_info(env, info, &argc, args, NULL, NULL));
@@ -34,12 +81,15 @@ napi_value CreateDataView(napi_env env, napi_callback_info info) {
             napi_create_dataview(env, length, buffer,
                                  byte_offset, &output_dataview));
 
+
   return output_dataview;
 }
 
 napi_value Init(napi_env env, napi_value exports) {
   napi_property_descriptor descriptors[] = {
-    DECLARE_NAPI_PROPERTY("CreateDataView", CreateDataView)
+    DECLARE_NAPI_PROPERTY("CreateDataView", CreateDataView),
+    DECLARE_NAPI_PROPERTY("CreateDataViewFromJSDataView",
+        CreateDataViewFromJSDataView)
   };
 
   NAPI_CALL(env, napi_define_properties(