From b61f85b0c8733255d94e57dbd4642e4e1d993947 Mon Sep 17 00:00:00 2001
From: Arne Goedeke
Date: Fri, 4 Oct 2024 23:52:42 +0200
Subject: [PATCH] v8.deserialize: Fix out of bounds write

When v8.deserialized is passed a Buffer with non-zero byteOffset, it will call copy and try to copy more bytes than are allocated in the destination buffer. This will then call the SlowCopy method which will call memmove and write bytes after the buffer. This bug has been observed with the parcel tool.
---
 lib/v8.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/v8.js b/lib/v8.js
index b687d8709c99a0..b506d96139e33b 100644
--- a/lib/v8.js
+++ b/lib/v8.js
@@ -368,7 +368,7 @@ class DefaultDeserializer extends Deserializer {
 }
 // Copy to an aligned buffer first.
 const buffer_copy = Buffer.allocUnsafe(byteLength);
- copy(this.buffer, buffer_copy, 0, byteOffset, byteOffset + byteLength);
+ copy(this.buffer, buffer_copy, 0, byteOffset, byteLength);
 return new ctor(buffer_copy.buffer, buffer_copy.byteOffset, byteLength / BYTES_PER_ELEMENT);
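Review bot: The `+` line now passes `byteLength` as the fifth argument of `copy`, but nothing at the call site records that this parameter is a byte count rather than a source end offset, which is exactly the misreading the removed line made and that the commit message says reaches an unchecked memmove; I would add `// copy(src, dst, dstStart, srcStart, nBytes): nBytes is a length, not an end offset; the binding trusts it, so an oversized value writes past buffer_copy` above the call. The diffstat shows only lib/v8.js changing, so no regression test pins this; a test that deserializes a typed-array host object from a Buffer whose byteOffset leaves the view misaligned (so this copy path, not the aligned fast path before the hunk, is taken) would catch a reintroduction. Whether `byteOffset + byteLength` is already bounded by the source buffer's length before this point is not visible in the hunk; if the earlier read that produced those values does not enforce it, an explicit bound check here would make the call safe regardless of input. The enclosing method starts before the hunk and its closing brace falls after it.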