Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(NODE-6536): Binary.read never returns number[] and reads beyond content #727

Merged
merged 2 commits into from
Nov 14, 2024
Merged

fix(NODE-6536): Binary.read never returns number[] and reads beyond content #727

merged 2 commits into from
Nov 14, 2024

Conversation

nbbeeken
Copy link
Contributor

@nbbeeken nbbeeken commented Nov 13, 2024
edited
Loading

Description

What is changing?

  • Fix Binary.read return type to be correctly Uint8Array
  • Use subarray instead of slice so there isn't inconsistent view/copy between node and web
  • Prevent reading beyond serializable user data
  • Remove dead code from deserializer (buffer.slice is always defined)
  • Searched for our usages of slice when we mean to use subarray to get views not copies. This has no impact on Node, fixes browser environments making copies where we did not intend to
Is there new documentation needed for these changes?

No

What is the motivation for this change?

Correctness and consistency

Release Highlight

Binary's read() returns a view of Uint8Array

Binary's read() return type claimed it would return number[] or Uint8Array which was true in previous BSON versions that didn't always store a Uint8Array on the buffer property like Binary does today.

read()'s length parameter did not respect the position value allowing reading bytes beyond the data that is actually stored in the Binary. This has been corrected.

Additionally this method returned a view in Node.js environemnets and a copy in Web environments. it has been fixed to always return a view.

Double check the following

  • Ran npm run check:lint script
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

@nbbeeken nbbeeken marked this pull request as ready for review November 13, 2024 14:45
@baileympearson baileympearson self-assigned this Nov 13, 2024
@baileympearson baileympearson added the Primary Review In Review with primary reviewer, not yet ready for team's eyes label Nov 13, 2024
baileympearson
baileympearson requested changes Nov 13, 2024
View reviewed changes
src/binary.ts Show resolved Hide resolved
src/binary.ts Show resolved Hide resolved
@baileympearson baileympearson merged commit f99fdfd into main Nov 14, 2024
8 checks passed
@baileympearson baileympearson deleted the NODE-6536 branch November 14, 2024 20:48
@github-actions github-actions bot mentioned this pull request Nov 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@baileympearson baileympearson baileympearson approved these changes

Assignees

@baileympearson baileympearson

Labels
Primary Review In Review with primary reviewer, not yet ready for team's eyes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nbbeeken @baileympearson