fix: DataView initialization in form-utils.js:deserialize_binary_form

[touzoku]

When you call get_buffer, it returns a Uint8Array. In many JavaScript runtime environments (like Cloudflare Workers, Node.js, or modern browsers), streams often allocate chunks from a shared memory pool (slab allocation). This means the Uint8Array you get back is a view into a much larger ArrayBuffer, and it often has a non-zero byteOffset.

When you pass header.buffer to DataView, it creates a view starting at the very beginning (byte 0) of the underlying memory allocation, completely ignoring the byteOffset of your header array.

Because the header data usually lives at a specific offset inside that buffer, your code reads 4 bytes from the wrong location (the start of the memory slab), interprets that garbage data as a 32-bit integer, and gets 16793089 (in my test case). It then tries to read ~16MB of data, runs out of stream, and throws "data too short".

You must pass the byteOffset and byteLength to the DataView constructor to ensure it looks at the correct slice of memory.

I have confirmed on my code that this fix resolves my problem.

---

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

• It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
• This message body should clearly illustrate what problems it solves.
• Ideally, include a test that fails without this PR but passes with it.

Tests

• Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

• If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

Edits

• Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 62013d2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[jrollio]

Thank you @touzoku. Yesterday, after updating kit from 2.48.4 to 2.49.0, my remote forms began failing with the data too short error thrown from form-utils.js, which I traced back to the new serialization code, the PR for which seemed focused on improving / resolving issues pertaining to streaming file uploads, rather than on changing basic form submissions, but nevertheless, I read your analysis, reviewed and applied your update and now my form submission tests are passing again. Well done!

[ottomated]

This looks good, although I think the comment is unnecessary

[touzoku]

This looks good, although I think the comment is unnecessary

removed it

[teemingc]

Thanks for this! Can you add a test and a changeset? Maybe even a short comment above the changed line why those additional arguments are needed?

[svelte-docs-bot]

Preview: https://svelte-dev-git-preview-kit-14970-svelte.vercel.app/

[elliott-with-the-longest-name-on-github]

I'd love to merge this -- but we at least need a changeset. It'd be great to get a regression test in as well, though I'd settle for just the changeset if figuring out how to test it is too difficult.

[ottomated]

@elliott-with-the-longest-name-on-github I opened #15028 for that :)