Skip to content

Fix #55422: Buffer.concat and Buffer.copy silently produce invalid r#61914

Open
danielalanbates wants to merge 1 commit intonodejs:mainfrom
danielalanbates:fix/issue-55422
Open

Fix #55422: Buffer.concat and Buffer.copy silently produce invalid r#61914
danielalanbates wants to merge 1 commit intonodejs:mainfrom
danielalanbates:fix/issue-55422

Conversation

@danielalanbates
Copy link

@danielalanbates danielalanbates commented Feb 21, 2026
edited by Renegade334
Loading

Fixes: #55422

Summary

This PR fixes: Buffer.concat and Buffer.copy silently produce invalid results when the operation involves indices equal or greater than 2^32

Changes

src/node_buffer.cc                      | 24 ++++++++++++------
 test/parallel/test-buffer-copy-large.js | 44 +++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 8 deletions(-)

Testing

Please review the changes carefully. The fix was verified against the existing test suite.

This PR was created with the assistance of Claude Sonnet 4.6 by Anthropic | effort: high. Happy to make any adjustments!

@nodejs-github-bot nodejs-github-bot added buffer Issues and PRs related to the buffer subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Feb 21, 2026
@codecov
Copy link

codecov bot commented Feb 21, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 66.66667% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.65%. Comparing base (f632f3f) to head (6ac2ab5).
⚠️ Report is 120 commits behind head on main.

Files with missing lines Patch % Lines
src/node_buffer.cc 66.66% 2 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #61914      +/-   ##
==========================================
- Coverage   91.70%   89.65%   -2.06%     
==========================================
  Files         337      676     +339     
  Lines      140104   206549   +66445     
  Branches    21758    39544   +17786     
==========================================
+ Hits       128484   185172   +56688     
- Misses      11398    13480    +2082     
- Partials      222     7897    +7675
Files with missing lines Coverage Δ
src/node_buffer.cc 67.90% <66.66%> (ø)

... and 477 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Renegade334
Renegade334 reviewed Feb 21, 2026
View reviewed changes
@danielalanbates
Copy link
Author

danielalanbates commented Feb 21, 2026

Thanks for the feedback, @Renegade334! I've pushed an update addressing your review comments. Please take another look when you get a chance.

@Renegade334
Copy link
Member

Renegade334 commented Feb 21, 2026

Mostly good, modulo:

@Renegade334 Renegade334 mentioned this pull request Mar 8, 2026
Closed
@Renegade334
Copy link
Member

Renegade334 commented Mar 8, 2026

@danielalanbates are you able to address the above comments?

@danielalanbates
buffer: fix Buffer.copy for large offsets >= 2^32
6ac2ab5 
Buffer.copy silently produced incorrect results when indices
involved were >= 2^32 due to 32-bit integer overflow in the
native SlowCopy and FastCopy functions in node_buffer.cc.

Change the parameter types and return type of SlowCopy and
FastCopy from uint32_t to uint64_t so that offsets beyond
4 GiB are handled correctly.

Fixes: nodejs#55422
@Renegade334 Renegade334 added request-ci Add this label to start a Jenkins CI on a PR. dont-land-on-v20.x PRs that should not land on the v20.x-staging branch and should not be released in v20.x. lts-watch-v22.x PRs that may need to be released in v22.x lts-watch-v24.x PRs that may need to be released in v24.x labels Mar 9, 2026
@Renegade334 Renegade334 requested a review from ronag March 9, 2026 03:50
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 9, 2026
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 9, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/71612/

@Renegade334 Renegade334 added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Mar 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Renegade334 Renegade334 Renegade334 approved these changes

@ronag ronag Awaiting requested review from ronag

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. buffer Issues and PRs related to the buffer subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. dont-land-on-v20.x PRs that should not land on the v20.x-staging branch and should not be released in v20.x. lts-watch-v22.x PRs that may need to be released in v22.x lts-watch-v24.x PRs that may need to be released in v24.x needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Buffer.concat and Buffer.copy silently produce invalid results when the operation involves indices equal or greater than 2^32

3 participants

@danielalanbates @Renegade334 @nodejs-github-bot