Skip to content

Resizable ArrayBuffer Fixups#6214

Open
jasnell wants to merge 3 commits intomainfrom
jasnell/array-buffer-fixups
Open

Resizable ArrayBuffer Fixups#6214
jasnell wants to merge 3 commits intomainfrom
jasnell/array-buffer-fixups

Conversation

@jasnell
Copy link
Collaborator

@jasnell jasnell commented Feb 28, 2026

Multiple improvements to resizable ArrayBuffer handling

@jasnell jasnell requested review from a team as code owners February 28, 2026 02:25
@github-actions
Copy link

github-actions bot commented Feb 28, 2026
edited
Loading

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

ask-bonk[bot]
ask-bonk bot reviewed Feb 28, 2026
View reviewed changes
Copy link
Contributor

@ask-bonk ask-bonk bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall this is a solid set of fixes for resizable ArrayBuffer handling. The temp-buffer approach in the BYOB read path correctly prevents SIGSEGV from decommitted pages, and eagerly copying data on the write path eliminates TOCTOU races with resizable/shared buffers. Two minor items:

  1. Dead code in buffer.c++ (inline comment below).
  2. src/workerd/api/streams/README.md line 425 still shows the old Write struct pattern with jsg::V8Ref<v8::ArrayBuffer> ownBytes — worth updating to kj::Array<kj::byte> ownBytes to match the new implementation.

src/workerd/api/node/buffer.c++
// (which reflects the re-validated live size) for copy bounds.

auto ptr = src.asArrayPtr();
if (src.size() == 0) continue;
Copy link
Contributor

@ask-bonk ask-bonk bot Feb 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check is dead code: since effectiveSize = kj::min(src.size(), ...), effectiveSize > 0 (which passed line 255) implies src.size() > 0. Consider removing it to avoid confusing future readers.

Suggested change
if (src.size() == 0) continue;

@ask-bonk
Copy link
Contributor

ask-bonk bot commented Feb 28, 2026

I'm Bonk, and I've done a quick review of your PR.

Summary: Multiple fixes for resizable ArrayBuffer handling — temp-buffer reads for BYOB to prevent SIGSEGV, eager data copying on writes to eliminate TOCTOU with resizable/shared buffers, and bounds-clamping in Buffer.concat.

Issues found (ranked by severity):

  1. (Low) Dead code in buffer.c++:261if (src.size() == 0) continue; is unreachable after the effectiveSize == 0 guard above it. Posted as an inline suggestion to remove it.

  2. (Low) Stale documentationsrc/workerd/api/streams/README.md line 425 still documents the Write struct with jsg::V8Ref<v8::ArrayBuffer> ownBytes, which should be updated to reflect the new kj::Array<kj::byte> ownBytes pattern. Noted in the review body since the file isn't in the diff.

github run

@jasnell
Copy link
Collaborator Author

jasnell commented Feb 28, 2026

@AlbertSPedersen can I ask you to acknowledge the CLA here in a comment please

@AlbertSPedersen
Copy link

AlbertSPedersen commented Feb 28, 2026

I have read the CLA Document and I hereby sign the CLA

github-actions bot added a commit that referenced this pull request Feb 28, 2026
@github-actions
@AlbertSPedersen has signed the CLA in #6214
7cd940a
AlbertSPedersen and others added 3 commits February 28, 2026 07:28
@AlbertSPedersen @jasnell
Guard BYOB reader against buffer resize during pending read
43f60f0 
When a BYOB read is pending and the underlying resizable ArrayBuffer is
resized, the destination pointer may reference decommitted virtual memory,
causing a SIGSEGV in the memcpy inside tryRead. For resizable buffers,
allocate a temporary heap buffer for the read and copy the data back into
the user's buffer in the .then() callback after validating it is still
large enough. Also add pre-read validation to return a zero-length view
when byteOffset already exceeds the current ByteLength.

Signed-off-by: James M Snell <jsnell@cloudflare.com>
@jasnell
Copy ArrayBuffers on write to internal streams
6932d4c 
Signed-off-by: James M Snell <jsnell@cloudflare.com>
@jasnell
Handle resizable buffers correctly in Buffer.concat
46d1bea 
Signed-off-by: James M Snell <jsnell@cloudflare.com>
@jasnell jasnell force-pushed the jasnell/array-buffer-fixups branch from 25d0407 to 46d1bea Compare February 28, 2026 15:28
@codecov-commenter
Copy link

codecov-commenter commented Feb 28, 2026

Codecov Report

❌ Patch coverage is 72.72727% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.58%. Comparing base (686673f) to head (46d1bea).

Files with missing lines Patch % Lines
src/workerd/api/streams/internal.c++ 70.83% 11 Missing and 3 partials ⚠️
src/workerd/api/node/buffer.c++ 85.71% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6214      +/-   ##
==========================================
- Coverage   70.60%   70.58%   -0.03%     
==========================================
  Files         413      413              
  Lines      109994   110034      +40     
  Branches    18121    18129       +8     
==========================================
+ Hits        77660    77666       +6     
- Misses      21527    21554      +27     
- Partials    10807    10814       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ask-bonk ask-bonk[bot] ask-bonk[bot] left review comments

@guybedford guybedford Awaiting requested review from guybedford

@anonrig anonrig Awaiting requested review from anonrig

@danlapid danlapid Awaiting requested review from danlapid

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jasnell @AlbertSPedersen @codecov-commenter