[webkit-changes] [WebKit/WebKit] ba8ba2: [JSC] Update resizable ArrayBuffer based on spec u...

Wed Nov 30 07:34:27 PST 2022

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ba8ba25ae962e03ccfaa78f078741374667e3475
      https://github.com/WebKit/WebKit/commit/ba8ba25ae962e03ccfaa78f078741374667e3475
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2022-11-30 (Wed, 30 Nov 2022)

  Changed paths:
    M LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds-expected.txt
    M LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds-explicit-length-expected.txt
    M LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds-explicit-length.html
    M LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds.html
    A LayoutTests/js/dom/resizable-data-view-serialization-out-of-bounds-expected.txt
    A LayoutTests/js/dom/resizable-data-view-serialization-out-of-bounds-explicit-length-expected.txt
    A LayoutTests/js/dom/resizable-data-view-serialization-out-of-bounds-explicit-length.html
    A LayoutTests/js/dom/resizable-data-view-serialization-out-of-bounds.html
    M Source/JavaScriptCore/runtime/JSArrayBufferView.h
    M Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h
    M Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp

  Log Message:
  -----------
  [JSC] Update resizable ArrayBuffer based on spec update
https://bugs.webkit.org/show_bug.cgi?id=248511
rdar://102793557

Reviewed by Ross Kirsling.

* LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds-expected.txt:
* LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds-explicit-length-expected.txt:
* LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds-explicit-length.html:
* LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds.html:
* LayoutTests/js/dom/resizable-data-view-serialization-out-of-bounds-expected.txt: Added.
* LayoutTests/js/dom/resizable-data-view-serialization-out-of-bounds-explicit-length-expected.txt: Added.
* LayoutTests/js/dom/resizable-data-view-serialization-out-of-bounds-explicit-length.html: Copied from LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds-explicit-length.html.
* LayoutTests/js/dom/resizable-data-view-serialization-out-of-bounds.html: Copied from LayoutTests/js/dom/resizable-array-buffer-view-serialization-out-of-bounds.html.
* Source/JavaScriptCore/runtime/JSArrayBufferView.h:
(JSC::JSArrayBufferView::isDetached const):
(JSC::JSArrayBufferView::byteOffset const):
(JSC::JSArrayBufferView::isOutOfBounds const): Add isOutOfBounds, function aligned to spec's IsArrayBufferViewOutOfBounds. Used in SerializedScriptValue.
(JSC::JSArrayBufferView::isDetached): Deleted.
* Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h:
(JSC::isArrayBufferViewOutOfBounds):
(JSC::isIntegerIndexedObjectOutOfBounds):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoFuncSet): This is not actually changing the behavior, but more aligned to the latest spec's change.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpArrayBufferView): We reject OOB ArrayBuffer based on discussion in [1].

[1]: https://github.com/whatwg/html/pull/8559

Canonical link: https://commits.webkit.org/257178@main