src: clamp WriteUtf8 capacity to INT_MAX in EncodeInto

semimikoh · semimikoh · commit bb48d929056a · 2026-04-07T11:27:55.000+09:00
Signed-off-by: semimikoh &lt;ejffjeosms@gmail.com&gt;
diff --git a/src/encoding_binding.cc b/src/encoding_binding.cc
@@ -8,6 +8,7 @@
 #include "string_bytes.h"
 #include "v8.h"
 
+#include <algorithm>
 #include <climits>
 #include <cstdint>
 
@@ -98,14 +99,12 @@ void BindingData::EncodeInto(const FunctionCallbackInfo<Value>& args) {
   Local<ArrayBuffer> buf = dest->Buffer();
   char* write_result = static_cast<char*>(buf->Data()) + dest->ByteOffset();
   size_t dest_length = dest->ByteLength();
-  int max_length =
-      dest_length > static_cast<size_t>(INT_MAX) ? INT_MAX : dest_length;
 
   int nchars;
   int written = source->WriteUtf8(
       isolate,
       write_result,
-      max_length,
+      std::min(dest_length, static_cast<size_t>(INT_MAX)),
       &nchars,
       String::NO_NULL_TERMINATION | String::REPLACE_INVALID_UTF8);
 
diff --git a/test/parallel/test-whatwg-encoding-encodeinto-large.js b/test/parallel/test-whatwg-encoding-encodeinto-large.js
@@ -0,0 +1,41 @@
+'use strict';
+
+const common = require('../common');
+
+common.skipIf32Bits();
+
+const assert = require('assert');
+
+const encoder = new TextEncoder();
+const source = 'a\xFF\u6211\u{1D452}';
+const expected = encoder.encode(source);
+
+const size = 2 ** 31 + expected.length;
+const offset = expected.length - 1;
+let dest;
+
+try {
+  dest = new Uint8Array(size);
+} catch (e) {
+  if (e.code === 'ERR_MEMORY_ALLOCATION_FAILED' ||
+      /Array buffer allocation failed/.test(e.message)) {
+    common.skip('insufficient space for Uint8Array allocation');
+  }
+  throw e;
+}
+
+const large = encoder.encodeInto(source, dest.subarray(offset));
+assert.deepStrictEqual(large, {
+  read: source.length,
+  written: expected.length,
+});
+assert.deepStrictEqual(dest.slice(offset, offset + expected.length), expected);
+
+const bounded = encoder.encodeInto(source,
+                                   dest.subarray(offset,
+                                                 offset + expected.length));
+assert.deepStrictEqual(bounded, {
+  read: source.length,
+  written: expected.length,
+});
+assert.deepStrictEqual(dest.slice(offset, offset + expected.length), expected);
diff --git a/test/pummel/test-whatwg-encoding-encodeinto-large.js b/test/pummel/test-whatwg-encoding-encodeinto-large.js
