src: fix double free reported by coverity

Fix double free reported by coverity. ToBufferEndian() in node_i18n.cc was the only caller of Buffer::New() passing in a MaybeStackBuffer. Coverity reported a double free because there were paths in which the src buffer would be deleted by both the destruction of the MaybeStackBuffer and by the Buffer which was done even in failure cases for Buffer::New(). Signed-off-by: Michael Dawson <[email protected]>
nodejs · mhdawson · Dec 4, 2023 · Dec 4, 2023 · Dec 4, 2023 · e9bf31e80bb7284d022fdd893ed421e5a2bcfd46
commit e9bf31e80bb7284d022fdd893ed421e5a2bcfd46
diff --git a/src/node_internals.h b/src/node_internals.h
@@ -190,16 +190,12 @@ static v8::MaybeLocal<v8::Object> New(Environment* env,
   char* src = reinterpret_cast<char*>(buf->out());
   const size_t len_in_bytes = buf->length() * sizeof(buf->out()[0]);
 
-  if (buf->IsAllocated())
+  if (buf->IsAllocated()) {
     ret = New(env, src, len_in_bytes);
-  else if (!buf->IsInvalidated())
-    ret = Copy(env, src, len_in_bytes);
-
-  if (ret.IsEmpty())
-    return ret;
-
-  if (buf->IsAllocated())
+    // new always takes ownership of src
     buf->Release();
+  } else if (!buf->IsInvalidated())
+    ret = Copy(env, src, len_in_bytes);
 
   return ret;
 }