buffer: validate UTF8 on fast path

Fast API handles invalid UTF differently than the slow API.

Fixes: #54521
PR-URL: #54525

Author: ronag

src/node_buffer.cc

@@ -1489,6 +1489,33 @@ uint32_t FastWriteString(Local<Value> receiver,
 
 static v8::CFunction fast_write_string(v8::CFunction::Make(FastWriteString));
 
+uint32_t FastWriteStringUTF8(Local<Value> receiver,
+                             const v8::FastApiTypedArray<uint8_t>& dst,
+                             const v8::FastOneByteString& src,
+                             uint32_t offset,
+                             uint32_t max_length,
+                             v8::FastApiCallbackOptions& options) {
+  uint8_t* dst_data;
+  CHECK(dst.getStorageIfAligned(&dst_data));
+  CHECK(offset <= dst.length());
+  CHECK(dst.length() - offset <= std::numeric_limits<uint32_t>::max());
+
+  const auto size = std::min(
+      {static_cast<uint32_t>(dst.length() - offset), max_length, src.length});
+
+  if (!simdutf::validate_utf8(src.data, size)) {
+    options.fallback = true;
+    return 0;
+  }
+
+  memcpy(dst_data + offset, src.data, size);
+
+  return size;
+}
+
+static v8::CFunction fast_write_string_utf8(
+  v8::CFunction::Make(FastWriteStringUTF8));
+
 void Initialize(Local<Object> target,
                 Local<Value> unused,
                 Local<Context> context,
@@ -1568,7 +1595,7 @@ void Initialize(Local<Object> target,
                 target,
                 "utf8WriteStatic",
                 SlowWriteString<UTF8>,
-                &fast_write_string);
+                &fast_write_string_utf8);
 
   SetMethod(context, target, "getZeroFillToggle", GetZeroFillToggle);
 }
@@ -1615,6 +1642,8 @@ void RegisterExternalReferences(ExternalReferenceRegistry* registry) {
   registry->Register(SlowWriteString<UTF8>);
   registry->Register(fast_write_string.GetTypeInfo());
   registry->Register(FastWriteString);
+  registry->Register(fast_write_string_utf8.GetTypeInfo());
+  registry->Register(FastWriteStringUTF8);
   registry->Register(StringWrite<ASCII>);
   registry->Register(StringWrite<BASE64>);
   registry->Register(StringWrite<BASE64URL>);

src/node_external_reference.h

@@ -63,6 +63,14 @@ using CFunctionWriteString =
                  uint32_t offset,
                  uint32_t max_length);
 
+using CFunctionWriteStringFallback =
+    uint32_t (*)(v8::Local<v8::Value> receiver,
+                 const v8::FastApiTypedArray<uint8_t>& dst,
+                 const v8::FastOneByteString& src,
+                 uint32_t offset,
+                 uint32_t max_length,
+                 v8::FastApiCallbackOptions& options);
+
 using CFunctionBufferCopy =
     uint32_t (*)(v8::Local<v8::Value> receiver,
                  const v8::FastApiTypedArray<uint8_t>& source,
@@ -96,6 +104,7 @@ class ExternalReferenceRegistry {
   V(CFunctionWithBool)                                                         \
   V(CFunctionBufferCopy)                                                       \
   V(CFunctionWriteString)                                                      \
+  V(CFunctionWriteStringFallback)                                              \
   V(const v8::CFunctionInfo*)                                                  \
   V(v8::FunctionCallback)                                                      \
   V(v8::AccessorNameGetterCallback)                                            \

test/parallel/test-buffer-write.js

@@ -106,3 +106,17 @@ assert.strictEqual(Buffer.alloc(4)
   assert.strictEqual(buf.write('ыы', 1, 'utf16le'), 4);
   assert.deepStrictEqual([...buf], [0, 0x4b, 0x04, 0x4b, 0x04, 0, 0, 0]);
 }
+
+{
+  let i = 0;
+
+  while (i < 1_000_000) {
+    const buf = Buffer.from("\x80")
+
+    if (buf[0] !== 194 || buf[1] !== 128) {
+      assert(false);
+    }
+
+    i++;
+  }
+}