projects / nodejs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4afc5bf) | patch
[PATCH] src,lib: refactor unsafe buffer creation to remove zero-fill toggle
authorСковорода Никита Андреевич <chalkerx@gmail.com>
Fri, 7 Nov 2025 14:50:57 +0000 (11:50 -0300)
committerJérémy Lal <kapouer@melix.org>
Tue, 24 Mar 2026 21:11:25 +0000 (22:11 +0100)
commit9aee31d9d6de262eb3d1b6a086f593f4bfe48a99
tree93b6483ef58ba5c12eca76e7a7f0575839a13a94tree | snapshot
parent4afc5bfb18049c2938961950cadd5987e0a52212commit | diff
[PATCH] src,lib: refactor unsafe buffer creation to remove zero-fill toggle

This removes the zero-fill toggle mechanism that allowed JavaScript
to control ArrayBuffer initialization via shared memory. Instead,
unsafe buffer creation now uses a dedicated C++ API.

Refs: https://hackerone.com/reports/3405778
Co-Authored-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Co-Authored-By: Joyee Cheung <joyeec9h3@gmail.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs-private/node-private/pull/759
Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/799
CVE-ID: CVE-2025-55131

Gbp-Pq: Topic sec
Gbp-Pq: Name 38-refactor-unsafe-buffer-creation-to-remove-zero-fill-toggle.patch
deps/v8/include/v8-array-buffer.h diff | blob | history
deps/v8/src/api/api.cc diff | blob | history
lib/internal/buffer.js diff | blob | history
lib/internal/process/pre_execution.js diff | blob | history
src/api/environment.cc diff | blob | history
src/node_buffer.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.