'zlib.gzip' results in an abort

  • Version: v12.16.0
  • Platform: Linux vul337 4.15.0-91-generic #92-Ubuntu SMP Fri Feb 28 11:09:48 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
  • Subsystem: zlib

What steps will reproduce the bug?

Directly run the following code snippet using node:

require('zlib').gzip(0, require('stream').Transform.prototype._write)

How often does it reproduce? Is there a required condition?

No. This potential bug can always be reproduced.

What is the expected behavior?

We passed 'require('stream').Transform.prototype._write' as the second argument to zlib.gzip. The function should throw an exception or use a similar error-reporting mechanism rather than crash the whole Node.js process.

What do you see instead?

This is the stack dump produced during abort:

./node[36124]: ../src/node_zlib.cc:310:static void node::(anonymous namespace)::CompressionStream<node::(anonymous namespace)::ZlibContext>::Write(const FunctionCallbackInfo<v8::Value> &) [CompressionContext = node::(anonymous namespace)::ZlibContext, async = true]: Assertion `Buffer::HasInstance(args[1])' failed.
 1: 0x13f9b30 node::Abort() [./node]
 2: 0x13f9709  [./node]
 3: 0x15486eb  [./node]
 4: 0x17b379c v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) [./node]
 5: 0x17b23d5  [./node]
 6: 0x17b1092  [./node]
 7: 0x2717a59  [./node]
[1]    36124 abort      ./node

Additional information