[webkit-changes] [WebKit/WebKit] a339b2: [JSC] Resizable ArrayBuffer slice's end index shou...
Yusuke Suzuki
noreply at github.com
Mon Jan 23 20:10:34 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a339b2fa21af6f65edd3e8346afef63fe930235b
https://github.com/WebKit/WebKit/commit/a339b2fa21af6f65edd3e8346afef63fe930235b
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-01-23 (Mon, 23 Jan 2023)
Changed paths:
A JSTests/stress/resizable-array-buffer-slice-end-should-not-be-computed-with-updated-length.js
M Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp
Log Message:
-----------
[JSC] Resizable ArrayBuffer slice's end index should not be computed with updated byteLength
https://bugs.webkit.org/show_bug.cgi?id=251059
rdar://104551175
Reviewed by Ross Kirsling and Justin Michaud.
Resizable ArrayBuffer slice's end index should be computed with cached byteLength since the new byteLength can be updated.
This is strictly aligned to the spec (https://tc39.es/proposal-resizablearraybuffer/#sec-arraybuffer.prototype.slice, step 10).
* JSTests/stress/resizable-array-buffer-slice-end-should-not-be-computed-with-updated-length.js: Added.
(let.x.Symbol.toPrimitive):
* Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp:
(JSC::arrayBufferSlice):
Canonical link: https://commits.webkit.org/259260@main
More information about the webkit-changes
mailing list