blob: unaligned UTF-16LE decode for odd-length/odd-address views

src/runtime/webcore/Blob.rs

@@ -2664,11 +2664,14 @@
 
         if bom == Some(strings::BOM::Utf16Le) {
             let _free = (LIFETIME == Lifetime::Temporary).then(|| TemporaryBytes(raw_bytes));
-            // BOM::Utf16Le ⇒ buf is UTF-16LE bytes; len is even after BOM strip.
-            // Mirrors Zig `bun.reinterpretSlice(u16, buf)`; bytemuck checks align + even-len.
+            // BOM::Utf16Le ⇒ buf is UTF-16LE bytes. Stripping the 2-byte BOM
+            // does not change parity, so an odd-length input would make
+            // `bytemuck::cast_slice` `panic!` (uncatchable). Drop the trailing
+            // odd byte first, mirroring Zig's `@divTrunc(bytes.len, 2)`.
+            let buf = &buf[..buf.len() & !1];
             // +1 WTF ref; `OwnedString` releases it on scope exit (Zig: `defer out.deref()`).
             let out =
                 OwnedString::new(BunString::clone_utf16(bytemuck::cast_slice::<u8, u16>(buf)));
             return out.to_js(global);
         }
 
@@ -2847,8 +2850,11 @@
         }
 
         if bom == Some(strings::BOM::Utf16Le) {
-            // BOM::Utf16Le ⇒ buf is UTF-16LE bytes; len is even after BOM strip.
-            // Mirrors Zig `bun.reinterpretSlice(u16, buf)`; bytemuck checks align + even-len.
+            // BOM::Utf16Le ⇒ buf is UTF-16LE bytes. Stripping the 2-byte BOM
+            // does not change parity, so an odd-length input would make
+            // `bytemuck::cast_slice` `panic!` (uncatchable). Drop the trailing
+            // odd byte first, mirroring Zig's `@divTrunc(bytes.len, 2)`.
+            let buf = &buf[..buf.len() & !1];
             // +1 WTF ref; `OwnedString` releases it on scope exit (Zig: `defer out.deref()`).
             let mut out =
                 OwnedString::new(BunString::clone_utf16(bytemuck::cast_slice::<u8, u16>(buf)));

test/js/web/fetch/blob.test.ts

@@ -324,3 +324,28 @@
   expect(originalType).toStartWith("multipart/form-data; boundary=");
   expect(clonedType).toBe(originalType);
 });
+
+test("Blob.json()/.text() on odd-length UTF-16LE+BOM does not abort", async () => {
+  // Stripping the 2-byte BOM keeps the length odd, which used to make the
+  // u8->u16 cast `panic!` and abort the whole process (uncatchable). Run in a
+  // subprocess: pre-fix it exits 133 with no output; fixed it drops the
+  // trailing odd byte like Zig and parses the valid prefix.
+  const src = `
+    const oddJson = Buffer.concat([Buffer.from([0xFF, 0xFE]), Buffer.from(JSON.stringify({ a: 1 }), "utf16le"), Buffer.from([0x20])]);
+    const oddText = Buffer.concat([Buffer.from([0xFF, 0xFE]), Buffer.from("hi", "utf16le"), Buffer.from([0x20])]);
+    const evenJson = Buffer.concat([Buffer.from([0xFF, 0xFE]), Buffer.from(JSON.stringify({ a: 1 }), "utf16le")]);
+    const j = await new Blob([oddJson]).json();
+    const t = await new Blob([oddText]).text();
+    const e = await new Blob([evenJson]).json();
+    process.stdout.write(JSON.stringify(j) + "|" + JSON.stringify(t) + "|" + JSON.stringify(e));
+  `;
+  await using proc = Bun.spawn({
+    cmd: [bunExe(), "-e", src],
+    env: bunEnv,
+    stdout: "pipe",
+    stderr: "pipe",
+  });
+  const [stdout, exitCode] = await Promise.all([proc.stdout.text(), proc.exited]);
+  expect(stdout).toBe(`{"a":1}|"hi"|{"a":1}`);
+  expect(exitCode).toBe(0);
+});