From ab9c7f52e0a729de9d8c535cfd77e72cc1ca8512 Mon Sep 17 00:00:00 2001
From: Geert-Jan Zwiers <geertjanzwiers@protonmail.com>
Date: Thu, 26 May 2022 17:15:44 +0200
Subject: [PATCH] chore(serde_v8): throw error when string buffer exceeds v8
 max length (#14588)

---
 cli/tests/unit/buffer_test.ts | 13 +++++++++++++
 serde_v8/magic/u16string.rs   | 15 +++++++++++----
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/cli/tests/unit/buffer_test.ts b/cli/tests/unit/buffer_test.ts
index 445c946e2f..41d7e4d7f2 100644
--- a/cli/tests/unit/buffer_test.ts
+++ b/cli/tests/unit/buffer_test.ts
@@ -446,3 +446,16 @@ Deno.test(function testBufferBytesCopyFalseGrowExactBytes() {
   assertEquals(actualBytes.byteLength, bufSize);
   assertEquals(actualBytes.buffer.byteLength, actualBytes.byteLength);
 });
+
+Deno.test(function testThrowsErrorWhenBufferExceedsMaxLength() {
+  const kStringMaxLengthPlusOne = 536870888 + 1;
+  const bytes = new Uint8Array(kStringMaxLengthPlusOne);
+
+  assertThrows(
+    () => {
+      new TextDecoder().decode(bytes);
+    },
+    TypeError,
+    "buffer exceeds maximum length",
+  );
+});
diff --git a/serde_v8/magic/u16string.rs b/serde_v8/magic/u16string.rs
index c1d080ac74..e304ea1879 100644
--- a/serde_v8/magic/u16string.rs
+++ b/serde_v8/magic/u16string.rs
@@ -11,10 +11,17 @@ impl ToV8 for U16String {
     &self,
     scope: &mut v8::HandleScope<'a>,
   ) -> Result<v8::Local<'a, v8::Value>, crate::Error> {
-    let v =
-      v8::String::new_from_two_byte(scope, self, v8::NewStringType::Normal)
-        .unwrap();
-    Ok(v.into())
+    let maybe_v =
+      v8::String::new_from_two_byte(scope, self, v8::NewStringType::Normal);
+
+    // 'new_from_two_byte' can return 'None' if buffer length > kMaxLength.
+    if let Some(v) = maybe_v {
+      Ok(v.into())
+    } else {
+      Err(Error::Message(String::from(
+        "Cannot allocate String from UTF-16: buffer exceeds maximum length.",
+      )))
+    }
   }
 }