safe-buffer
Advanced tools
Comparing version 2.0.0 to 3.0.0
20
index.js
module.exports = SafeBuffer | ||
module.exports.Buffer = SafeBuffer | ||
function SafeBuffer (arg1, arg2) { | ||
var buffer = new Buffer(arg1, arg2) | ||
if (typeof arg1 === 'number') { | ||
buffer.fill(0) | ||
} | ||
return buffer | ||
function SafeBuffer (value, encoding) { | ||
return Buffer(value, encoding) | ||
} | ||
@@ -20,3 +16,3 @@ | ||
} | ||
return new Buffer(value, encoding) | ||
return Buffer(value, encoding) | ||
} | ||
@@ -28,12 +24,12 @@ | ||
} | ||
return new Buffer(size) | ||
var buffer = Buffer(size) | ||
buffer.fill(0) | ||
return buffer | ||
} | ||
SafeBuffer.zalloc = function (size) { | ||
SafeBuffer.allocRaw = function (size) { | ||
if (typeof size !== 'number') { | ||
throw new TypeError('Argument must be a number') | ||
} | ||
var buffer = new Buffer(size) | ||
buffer.fill(0) | ||
return buffer | ||
return Buffer(size) | ||
} |
{ | ||
"name": "safe-buffer", | ||
"description": "Safer Node.js Buffer API", | ||
"version": "2.0.0", | ||
"version": "3.0.0", | ||
"author": { | ||
@@ -6,0 +6,0 @@ "name": "Feross Aboukhadijeh", |
@@ -32,12 +32,9 @@ # safe-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![downloads][downloads-image]][npm-url] | ||
new Buffer(obj) | ||
new Buffer(16) // create an uninitialized buffer (potentially unsafe) | ||
// But this potentially unsafe operation now returns zeroed out memory: | ||
// But you can use these new explicit APIs to make clear what you want: | ||
new Buffer(16) // this is safe now! | ||
// Going forward, use an explicit API to make clear what you want. | ||
Buffer.from('hey', 'utf8') // convert from many types to a Buffer | ||
Buffer.zalloc(16) // create a zero-filled buffer (safe) | ||
Buffer.alloc(16) // create an uninitialized buffer (potentially unsafe) | ||
Buffer.alloc(16) // create a zero-filled buffer (safe) | ||
Buffer.allocRaw(16) // create an uninitialized buffer (potentially unsafe) | ||
``` | ||
@@ -53,7 +50,7 @@ | ||
### `Buffer.zalloc(size)` | ||
### `Buffer.alloc(size)` | ||
Allocate a zero-filled buffer with the given `size`. This is safe and recommended to use. | ||
### `Buffer.alloc(size)` | ||
### `Buffer.allocRaw(size)` | ||
@@ -241,10 +238,10 @@ Allocate an uninitialized buffer with the given `size`. This is potentially unsafe. The | ||
#### A new API: `Buffer.alloc(number)` | ||
#### A new API: `Buffer.allocRaw(number)` | ||
The functionality of creating buffers with uninitialized memory should be part of another | ||
API. We propose `Buffer.alloc(number)`. This way, it's not part of an API that frequently | ||
gets user input of all sorts of different types passed into it. | ||
API. We propose `Buffer.allocRaw(number)`. This way, it's not part of an API that | ||
frequently gets user input of all sorts of different types passed into it. | ||
```js | ||
var buf = Buffer.alloc(16) // careful, uninitialized memory! | ||
var buf = Buffer.allocRaw(16) // careful, uninitialized memory! | ||
@@ -279,20 +276,18 @@ // Immediately overwrite the uninitialized buffer with data from another buffer | ||
We could deprecate and remove `new Buffer(number)` and use `Buffer.alloc(number)` when | ||
We could deprecate and remove `new Buffer(number)` and use `Buffer.allocRaw(number)` when | ||
we need uninitialized memory. But that would break 1000s of packages. | ||
We believe the best solution is to: | ||
~~We believe the best solution is to:~~ | ||
~~1. Change `new Buffer(number)` to return safe, zeroed-out memory~~ | ||
~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.alloc(number)`~~ | ||
~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.allocRaw(number)`~~ | ||
### Update | ||
#### Update | ||
Upon further consideration, we think that returning zeroed out memory is a separate issue. | ||
The core issue is: unsafe buffer allocation should be in a different API. | ||
We now support adding three new APIs: | ||
We now support adding two APIs: | ||
- `Buffer.from(value)` - convert from any type to a buffer | ||
- `Buffer.alloc(size)` - create an uninitialized buffer with given size | ||
- `Buffer.alloc(size)` - create a zero-filled buffer | ||
- `Buffer.allocRaw(size)` - create an uninitialized buffer with given size | ||
@@ -304,3 +299,3 @@ This solves the core problem that affected `ws` and `bittorrent-dht` which is | ||
minimal. Over time, npm maintainers can migrate performance-critical code to use | ||
`Buffer.alloc(number)` instead of `new Buffer(number)`. | ||
`Buffer.allocRaw(number)` instead of `new Buffer(number)`. | ||
@@ -307,0 +302,0 @@ |
43
test.js
@@ -29,11 +29,11 @@ var test = require('tape') | ||
test('new SafeBuffer(number) returns zeroed-out memory', function (t) { | ||
test('SafeBuffer.alloc(number) returns zeroed-out memory', function (t) { | ||
for (var i = 0; i < 10; i++) { | ||
var expected1 = new Buffer(1000) | ||
expected1.fill(0) | ||
t.deepEqual(new SafeBuffer(1000), expected1) | ||
t.deepEqual(SafeBuffer.alloc(1000), expected1) | ||
var expected2 = new Buffer(1000 * 1000) | ||
expected2.fill(0) | ||
t.deepEqual(new SafeBuffer(1000 * 1000), expected2) | ||
t.deepEqual(SafeBuffer.alloc(1000 * 1000), expected2) | ||
} | ||
@@ -43,17 +43,4 @@ t.end() | ||
test('SafeBuffer.zalloc(number) returns zeroed-out memory', function (t) { | ||
for (var i = 0; i < 10; i++) { | ||
var expected1 = new Buffer(1000) | ||
expected1.fill(0) | ||
t.deepEqual(SafeBuffer.zalloc(1000), expected1) | ||
var expected2 = new Buffer(1000 * 1000) | ||
expected2.fill(0) | ||
t.deepEqual(SafeBuffer.zalloc(1000 * 1000), expected2) | ||
} | ||
t.end() | ||
}) | ||
test('SafeBuffer.alloc(number)', function (t) { | ||
var buf = SafeBuffer.alloc(100) // unitialized memory | ||
test('SafeBuffer.allocRaw(number)', function (t) { | ||
var buf = SafeBuffer.allocRaw(100) // unitialized memory | ||
t.equal(buf.length, 100) | ||
@@ -65,32 +52,32 @@ t.equal(SafeBuffer.isBuffer(buf), true) | ||
test('SafeBuffer.alloc() throws with non-number types', function (t) { | ||
test('SafeBuffer.allocRaw() throws with non-number types', function (t) { | ||
t.plan(4) | ||
t.throws(function () { | ||
SafeBuffer.alloc('hey') | ||
SafeBuffer.allocRaw('hey') | ||
}) | ||
t.throws(function () { | ||
SafeBuffer.alloc('hey', 'utf8') | ||
SafeBuffer.allocRaw('hey', 'utf8') | ||
}) | ||
t.throws(function () { | ||
SafeBuffer.alloc([1, 2, 3]) | ||
SafeBuffer.allocRaw([1, 2, 3]) | ||
}) | ||
t.throws(function () { | ||
SafeBuffer.alloc({}) | ||
SafeBuffer.allocRaw({}) | ||
}) | ||
}) | ||
test('SafeBuffer.zalloc() throws with non-number types', function (t) { | ||
test('SafeBuffer.alloc() throws with non-number types', function (t) { | ||
t.plan(4) | ||
t.throws(function () { | ||
SafeBuffer.zalloc('hey') | ||
SafeBuffer.alloc('hey') | ||
}) | ||
t.throws(function () { | ||
SafeBuffer.zalloc('hey', 'utf8') | ||
SafeBuffer.alloc('hey', 'utf8') | ||
}) | ||
t.throws(function () { | ||
SafeBuffer.zalloc([1, 2, 3]) | ||
SafeBuffer.alloc([1, 2, 3]) | ||
}) | ||
t.throws(function () { | ||
SafeBuffer.zalloc({}) | ||
SafeBuffer.alloc({}) | ||
}) | ||
}) |
17169
98
345