I don't think that size_t always fits into an int. Why do we need to cast here? (Feel free to land once this is addressed if I don't get around to change my review to approve in time.)

I agree it should not be needed in this check. In places where it is passed on to v8 then it is needed.

@mhdawson No, the issue isn’t that it’s in the wrong place – it’s that a downcast is a real bug here, because it truncates location_len

@addaleax, to clarify we know that size_t does not fit into an int, so where its going to be passed to v8 a cast is required to avoid warnings. In this case we should just be comparing NAPI_AUTO_LENGTH directly against location_len.

@mhdawson Yeah, but we can’t just downcast without any checks in this case. Imagine a platform that has 32-bit int, and 64-bit size_t. When an addon tries to create a N-API string that contains (2^32 + 1) characters – not knowing that that doesn’t work, because, how would it tell? – N-API would currently silently truncate that size argument to 1, and happily create a one-character string. I think that qualifies as a bug.

I think I'm still missing something here, sorry. If we change to be:

if (location_len != NAPI_AUTO_LENGTH)

is it that there is a problem later on ?

Aside: sizeof(char) is 1 by definition and reinterpret_cast is overkill here, static_cast would have sufficed.

What's more, I don't understand why this code makes copies. This function does not return. It seems like completely unneeded complexity.

The reason for doing copy here is to account for strings that are not null terminated.

Okay, but the other two points still stand. As well, you don't handle nullptr return values. If you use node::Malloc(), that's taken care of.

Or use std::string, that will also stop Coverity from complaining about memory leaks.