From: Bryce Baril <bryce@ravenwall.com>
Date: Fri, 4 Dec 2015 18:08:51 +0000 (-0800)
Subject: buffer: Prevent Buffer constructor deopt
X-Git-Tag: v4.2.5~137
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c6dc2a1609e78b27aa71388d06563d47af711c8e;p=platform%2Fupstream%2Fnodejs.git

buffer: Prevent Buffer constructor deopt

The Buffer constructor will generally get inlined, but any call to the Buffer
constructor for a string without encoding will cause an eager deoptimization
of any function that inlined the Buffer constructor. This is due to a an
out-of-bounds read on `arguments[1]`. This change prevents that deopt.

PR-URL: https://github.com/nodejs/node/pull/4158
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
---

diff --git a/lib/buffer.js b/lib/buffer.js
index 3d5e96e..378dde7 100644
--- a/lib/buffer.js
+++ b/lib/buffer.js
@@ -40,7 +40,7 @@ function alignPool() {
 }
 
 
-function Buffer(arg) {
+function Buffer(arg, encoding) {
   // Common case.
   if (typeof arg === 'number') {
     // If less than zero, or NaN.
@@ -51,7 +51,7 @@ function Buffer(arg) {
 
   // Slightly less common case.
   if (typeof arg === 'string') {
-    return fromString(arg, arguments[1]);
+    return fromString(arg, encoding);
   }
 
   // Unusual.