src: add length assertion in ABVC nullptr case

Renegade334 · Renegade334 · commit 356441a0ab5d · 2026-03-29T14:45:15.000+01:00
When ABVC receives a view on an array buffer with a null data pointer, it sets its own data pointer to uninitialized stack memory. While V8 _should_ always have the view length set to zero in this case, it's worth double-checking. Refs: nodejs#62343
diff --git a/src/util-inl.h b/src/util-inl.h
@@ -593,8 +593,12 @@ void ArrayBufferViewContents<T, S>::Read(v8::Local<v8::ArrayBufferView> abv) {
   if (length_ > sizeof(stack_storage_) || abv->HasBuffer()) {
     v8::Local<v8::ArrayBuffer> ab = abv->Buffer();
     void* ab_data = ab->Data();
-    data_ = ab_data != nullptr ? static_cast<T*>(ab_data) + abv->ByteOffset()
-                               : stack_storage_;
+    if (ab_data != nullptr) {
+      data_ = static_cast<T*>(ab_data) + abv->ByteOffset();
+    } else {
+      CHECK_EQ(length_, 0);
+      data_ = stack_storage_;
+    }
     was_detached_ = ab->WasDetached();
   } else {
     abv->CopyContents(stack_storage_, sizeof(stack_storage_));
