stream: fix decoded fromList chunk boundary check by watson · Pull Request #61884 · nodejs/node

watson · 2026-02-19T10:28:10Z

Correct fromList() in decoded string mode to compare n against the current chunk length, not the buffer array length.

This prevents over-consuming chunks, which can corrupt readable state and crash with TypeError when mixing setEncoding() and read(n).

I reproduced this in all non-EoL release lines.

For reference, here's the script I used to make read() throw (usually it throws almost instantly, but a few times it can take a little while):

'use strict'

const https = require('node:https')

const url = process.argv[2] || 'https://www.google.com'
const maxRuns = Number(process.argv[3] || 2000)
let runs = 0

function runOnce () {
  runs++
  https.get(url, (res) => {
    res.setEncoding('utf8') // If this line is removed, the crash doesn't happen.

    res.on('readable', () => {
      // Race condition: The call to `res.read(100)` might throw
      while (res.read(100) !== null) {}
    })

    res.on('end', () => {
      if (runs >= maxRuns) {
        console.log(`completed ${runs} runs without crash`)
      } else {
        runOnce()
      }
    })
  })
}

console.log(`reproducing with ${url} for up to ${maxRuns} runs...`)
runOnce()

And here's the output:

reproducing with https://www.google.com for up to 2000 runs...
node:internal/streams/readable:1650
  } else if (n < buf[idx].length) {
                          ^

TypeError: Cannot read properties of undefined (reading 'length')
    at fromList (node:internal/streams/readable:1650:27)
    at Readable.read (node:internal/streams/readable:756:11)
    at IncomingMessage.<anonymous> (/Users/thomas.watson/go/src/github.com/DataDog/dd-trace-js/foo.js:16:18)
    at IncomingMessage.emit (node:events:508:20)
    at emitReadable_ (node:internal/streams/readable:837:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:89:21)

Node.js v25.6.1

nodejs-github-bot · 2026-02-19T10:28:14Z

Review requested:

@nodejs/streams

Correct `fromList()` in decoded string mode to compare `n` against the current chunk length, not the buffer array length. This prevents over-consuming chunks, which can corrupt readable state and crash with `TypeError` when mixing `setEncoding()` and `read(n)`.

nodejs-github-bot · 2026-02-19T11:05:46Z

CI: https://ci.nodejs.org/job/node-test-pull-request/71377/

codecov · 2026-02-19T11:44:56Z

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 89.73%. Comparing base (d5279e5) to head (2984f13).
⚠️ Report is 12 commits behind head on main.

Files with missing lines	Patch %	Lines
lib/internal/streams/readable.js	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #61884      +/-   ##
==========================================
- Coverage   91.81%   89.73%   -2.08%     
==========================================
  Files         338      675     +337     
  Lines      140073   204855   +64782     
  Branches    22081    39372   +17291     
==========================================
+ Hits       128605   183829   +55224     
- Misses      11242    13287    +2045     
- Partials      226     7739    +7513

Files with missing lines	Coverage Δ
lib/internal/streams/readable.js	`97.16% <0.00%> (+0.88%)`	⬆️

... and 456 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

mcollina

lgtm

nodejs-github-bot · 2026-02-21T10:37:07Z

Commit Queue failed

- Loading data for nodejs/node/pull/61884 ✔ Done loading data for nodejs/node/pull/61884 ----------------------------------- PR info ------------------------------------ Title stream: fix decoded fromList chunk boundary check (#61884) Author Thomas Watson <w@tson.dk> (@watson) Branch watson:fix-readable-stream-bug -> nodejs:main Labels stream, author ready, needs-ci Commits 2 - stream: fix decoded fromList chunk boundary check - fix lint Committers 1 - Thomas Watson <w@tson.dk> PR-URL: https://github.com/nodejs/node/pull/61884 Reviewed-By: Robert Nagy <ronagy@icloud.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Ilyas Shabi <ilyasshabi94@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> ------------------------------ Generated metadata ------------------------------ PR-URL: https://github.com/nodejs/node/pull/61884 Reviewed-By: Robert Nagy <ronagy@icloud.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Ilyas Shabi <ilyasshabi94@gmail.com> Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> -------------------------------------------------------------------------------- ℹ This PR was created on Thu, 19 Feb 2026 10:28:10 GMT ✔ Approvals: 9 ✔ - Robert Nagy (@ronag) (TSC): https://github.com/nodejs/node/pull/61884#pullrequestreview-3824865677 ✔ - Ruben Bridgewater (@BridgeAR) (TSC): https://github.com/nodejs/node/pull/61884#pullrequestreview-3824921277 ✔ - Ilyas Shabi (@IlyasShabi): https://github.com/nodejs/node/pull/61884#pullrequestreview-3825273620 ✔ - Gürgün Dayıoğlu (@gurgunday): https://github.com/nodejs/node/pull/61884#pullrequestreview-3825732569 ✔ - Luigi Pinca (@lpinca): https://github.com/nodejs/node/pull/61884#pullrequestreview-3828304463 ✔ - Matteo Collina (@mcollina) (TSC): https://github.com/nodejs/node/pull/61884#pullrequestreview-3828525776 ✔ - Minwoo Jung (@JungMinu): https://github.com/nodejs/node/pull/61884#pullrequestreview-3830500467 ✔ - Colin Ihrig (@cjihrig): https://github.com/nodejs/node/pull/61884#pullrequestreview-3832438069 ✔ - Ethan Arrowood (@Ethan-Arrowood): https://github.com/nodejs/node/pull/61884#pullrequestreview-3832584001 ✔ Last GitHub CI successful ℹ Last Full PR CI on 2026-02-19T11:05:46Z: https://ci.nodejs.org/job/node-test-pull-request/71377/ - Querying data for job/node-test-pull-request/71377/ ✔ Build data downloaded ✔ Last Jenkins CI successful -------------------------------------------------------------------------------- ✔ No git cherry-pick in progress ✔ No git am in progress ✔ No git rebase in progress -------------------------------------------------------------------------------- - Bringing origin/main up to date... From https://github.com/nodejs/node * branch main -> FETCH_HEAD ✔ origin/main is now up-to-date - Downloading patch for 61884 From https://github.com/nodejs/node * branch refs/pull/61884/merge -> FETCH_HEAD ✔ Fetched commits as 94df36a12199..2984f1316238 -------------------------------------------------------------------------------- [main 555cb3c22c] stream: fix decoded fromList chunk boundary check Author: Thomas Watson <w@tson.dk> Date: Thu Feb 19 11:25:19 2026 +0100 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 test/parallel/test-stream2-read-correct-num-bytes-in-utf8.js [main 78184b3a60] fix lint Author: Thomas Watson <w@tson.dk> Date: Thu Feb 19 11:43:24 2026 +0100 1 file changed, 1 insertion(+) ✔ Patches applied There are 2 commits in the PR. Attempting autorebase. (node:458) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated. (Use `node --trace-deprecation ...` to show where the warning was created) Rebasing (2/4) Executing: git node land --amend --yes --------------------------------- New Message ---------------------------------- stream: fix decoded fromList chunk boundary check

Correct fromList() in decoded string mode to compare n against the
current chunk length, not the buffer array length.

This prevents over-consuming chunks, which can corrupt readable state
and crash with TypeError when mixing setEncoding() and read(n).

PR-URL: #61884
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ilyas Shabi <ilyasshabi94@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>

[detached HEAD ca615c81bd] stream: fix decoded fromList chunk boundary check
Author: Thomas Watson <w@tson.dk>
Date: Thu Feb 19 11:25:19 2026 +0100
2 files changed, 16 insertions(+), 1 deletion(-)
create mode 100644 test/parallel/test-stream2-read-correct-num-bytes-in-utf8.js
Rebasing (3/4)
Rebasing (4/4)
Executing: git node land --amend --yes
--------------------------------- New Message ----------------------------------
fix lint

PR-URL: #61884
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ilyas Shabi <ilyasshabi94@gmail.com>
Reviewed-By: Gürgün Dayıoğlu <hey@gurgun.day>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>

[detached HEAD 403f5bd46a] fix lint
Author: Thomas Watson <w@tson.dk>
Date: Thu Feb 19 11:43:24 2026 +0100
1 file changed, 1 insertion(+)
Successfully rebased and updated refs/heads/main.

ℹ Add commit-queue-squash label to land the PR as one commit, or commit-queue-rebase to land as separate commits.

https://github.com/nodejs/node/actions/runs/22255290326

nodejs-github-bot added needs-ci PRs that need a full CI run. stream Issues and PRs related to the stream subsystem. labels Feb 19, 2026

watson force-pushed the fix-readable-stream-bug branch from 8a962b7 to 5ef134f Compare February 19, 2026 10:30

watson changed the title ~~fix(stream): fix decoded fromList chunk boundary check~~ stream: fix decoded fromList chunk boundary check Feb 19, 2026

ronag approved these changes Feb 19, 2026

View reviewed changes

fix lint

2984f13

BridgeAR approved these changes Feb 19, 2026

View reviewed changes

BridgeAR added request-ci Add this label to start a Jenkins CI on a PR. author ready PRs that have at least one approval, no pending requests for changes, and a CI started. labels Feb 19, 2026

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 19, 2026

IlyasShabi approved these changes Feb 19, 2026

View reviewed changes

gurgunday approved these changes Feb 19, 2026

View reviewed changes

lpinca approved these changes Feb 19, 2026

View reviewed changes

mcollina approved these changes Feb 19, 2026

View reviewed changes

mcollina added request-ci Add this label to start a Jenkins CI on a PR. commit-queue Add this label to land a pull request using GitHub Actions. and removed request-ci Add this label to start a Jenkins CI on a PR. labels Feb 19, 2026

JungMinu approved these changes Feb 20, 2026

View reviewed changes

cjihrig approved these changes Feb 20, 2026

View reviewed changes

Ethan-Arrowood approved these changes Feb 20, 2026

View reviewed changes

nodejs-github-bot added commit-queue-failed An error occurred while landing this pull request using GitHub Actions. and removed commit-queue Add this label to land a pull request using GitHub Actions. labels Feb 21, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comments

stream: fix decoded fromList chunk boundary check#61884

stream: fix decoded fromList chunk boundary check#61884
watson wants to merge 2 commits intonodejs:mainfrom
watson:fix-readable-stream-bug

watson commented Feb 19, 2026 •

edited

Loading

Uh oh!

nodejs-github-bot commented Feb 19, 2026

Uh oh!

nodejs-github-bot commented Feb 19, 2026

Uh oh!

codecov bot commented Feb 19, 2026 •

edited

Loading

Uh oh!

mcollina left a comment

Uh oh!

nodejs-github-bot commented Feb 21, 2026

[detached HEAD 403f5bd46a] fix lint
Author: Thomas Watson <w@tson.dk>
Date: Thu Feb 19 11:43:24 2026 +0100
1 file changed, 1 insertion(+)
Successfully rebased and updated refs/heads/main.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

11 participants

Uh oh!

Comments

Conversation

watson commented Feb 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nodejs-github-bot commented Feb 19, 2026

Uh oh!

nodejs-github-bot commented Feb 19, 2026

Uh oh!

codecov bot commented Feb 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

mcollina left a comment

Choose a reason for hiding this comment

Uh oh!

nodejs-github-bot commented Feb 21, 2026

[detached HEAD 403f5bd46a] fix lint Author: Thomas Watson <w@tson.dk> Date: Thu Feb 19 11:43:24 2026 +0100 1 file changed, 1 insertion(+) Successfully rebased and updated refs/heads/main.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

11 participants

watson commented Feb 19, 2026 •

edited

Loading

codecov bot commented Feb 19, 2026 •

edited

Loading

[detached HEAD 403f5bd46a] fix lint
Author: Thomas Watson <w@tson.dk>
Date: Thu Feb 19 11:43:24 2026 +0100
1 file changed, 1 insertion(+)
Successfully rebased and updated refs/heads/main.