v8: fix offsets for TypedArray deserialization

Fix the offset calculation for deserializing TypedArrays that are
not aligned in their original buffer.

Since `byteOffset` refers to the offset into the source `Buffer`
instance, not its underlying `ArrayBuffer`, that is what should
be passed to `buffer.copy`.

PR-URL: #12143
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>

Author: addaleax

lib/v8.js

@@ -177,7 +177,8 @@ class DefaultDeserializer extends Deserializer {
     } else {
       // Copy to an aligned buffer first.
       const copy = Buffer.allocUnsafe(byteLength);
-      bufferBinding.copy(this.buffer, copy, 0, offset, offset + byteLength);
+      bufferBinding.copy(this.buffer, copy, 0,
+                         byteOffset, byteOffset + byteLength);
       return new ctor(copy.buffer,
                       copy.byteOffset,
                       byteLength / BYTES_PER_ELEMENT);

test/parallel/test-v8-serdes.js

@@ -118,3 +118,12 @@ const objects = [
   assert.deepStrictEqual(buf, ser.releaseBuffer());
   assert.strictEqual(des.getWireFormatVersion(), 0x0d);
 }
+
+{
+  // Unaligned Uint16Array read, with padding in the underlying array buffer.
+  let buf = Buffer.alloc(32 + 9);
+  buf.write('ff0d5c0404addeefbe', 32, 'hex');
+  buf = buf.slice(32);
+  assert.deepStrictEqual(v8.deserialize(buf),
+                         new Uint16Array([0xdead, 0xbeef]));
+}