What makes Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() "unsafe"?

When calling Buffer.allocUnsafe() and Buffer.allocUnsafeSlow(), the segment of allocated memory is uninitialized (it is not zeroed-out). While this design makes the allocation of memory quite fast, the allocated segment of memory might contain old data that is potentially sensitive. Using a Buffer created by Buffer.allocUnsafe() without completely overwriting the memory can allow this old data to be leaked when the Buffer memory is read.

While there are clear performance advantages to using Buffer.allocUnsafe(), extra care must be taken in order to avoid introducing security vulnerabilities into an application.
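The partial-overwrite case described above, as an added example that is not part of the Node.js documentation: a fixed-size record builder written three ways, plus a check for leftover bytes after the payload. The function names, RECORD_SIZE and the sample payload are assumptions made for illustration.

```javascript
// Added example: hypothetical fixed-size record builder (names and sizes are illustrative).
const RECORD_SIZE = 64;

// Risky: only the payload bytes are overwritten. The tail keeps whatever the
// allocator handed back and travels with the record when it is sent or stored.
function buildRecordUnsafe(payload) {
  const buf = Buffer.allocUnsafe(RECORD_SIZE);
  buf.write(payload, 0, 'utf8');
  return buf;
}

// Fix 1: Buffer.alloc() returns zero-filled memory.
function buildRecordZeroed(payload) {
  const buf = Buffer.alloc(RECORD_SIZE);
  buf.write(payload, 0, 'utf8');
  return buf;
}

// Fix 2: keep allocUnsafe() for speed, but overwrite every byte the payload
// did not cover. buf.write() returns the number of bytes actually written.
function buildRecordFilled(payload) {
  const buf = Buffer.allocUnsafe(RECORD_SIZE);
  const written = buf.write(payload, 0, 'utf8');
  buf.fill(0, written);
  return buf;
}

// Audit helper: count non-zero bytes after the first `written` bytes.
function countStaleBytes(buf, written) {
  let stale = 0;
  for (let i = written; i < buf.length; i++) {
    if (buf[i] !== 0) stale++;
  }
  return stale;
}

const sample = 'user=alice'; // constructed sample input
for (const build of [buildRecordUnsafe, buildRecordZeroed, buildRecordFilled]) {
  const stale = countStaleBytes(build(sample), Buffer.byteLength(sample));
  // The unsafe count varies per run and can be 0; the two fixes always print 0.
  console.log(`${build.name}: ${stale} non-zero byte(s) after the payload`);
}
```

The unsafe variant may happen to print 0 on a given run because uninitialized memory is not guaranteed to contain old data, so a clean result from it is not evidence that the code is safe.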
