From 9b7f79a8bdf2aa3f78e33dce03a58a436eb8f67c Mon Sep 17 00:00:00 2001
From: Michael Dawson <midawson@redhat.com>
Date: Mon, 4 Dec 2023 17:30:18 +0000
Subject: [PATCH] src: fix double free reported by coverity

Fix double free reported by coverity. ToBufferEndian()
in node_i18n.cc was the only caller of Buffer::New() passing
in a MaybeStackBuffer. Coverity reported a double free
because there were paths in which the src buffer would
be deleted by both the destruction of the MaybeStackBuffer and
by the Buffer which was done even in failure cases for
Buffer::New().

Signed-off-by: Michael Dawson <midawson@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/51046
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 src/node_internals.h | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/node_internals.h b/src/node_internals.h
index 5604f35aeff6b4..c9d6881cb8fbbf 100644
--- a/src/node_internals.h
+++ b/src/node_internals.h
@@ -192,16 +192,13 @@ static v8::MaybeLocal<v8::Object> New(Environment* env,
   char* src = reinterpret_cast<char*>(buf->out());
   const size_t len_in_bytes = buf->length() * sizeof(buf->out()[0]);
 
-  if (buf->IsAllocated())
+  if (buf->IsAllocated()) {
     ret = New(env, src, len_in_bytes);
-  else if (!buf->IsInvalidated())
-    ret = Copy(env, src, len_in_bytes);
-
-  if (ret.IsEmpty())
-    return ret;
-
-  if (buf->IsAllocated())
+    // new always takes ownership of src
     buf->Release();
+  } else if (!buf->IsInvalidated()) {
+    ret = Copy(env, src, len_in_bytes);
+  }
 
   return ret;
 }