[webkit-changes] [WebKit/WebKit] 2b5ed0: [JSC] ArrayBuffer/SharedArrayBuffer constructor sh...
SUZUKI Sosuke
noreply at github.com
Wed May 22 22:45:58 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2b5ed009bee397beb4099f6ea0e40072d2aaec0f
https://github.com/WebKit/WebKit/commit/2b5ed009bee397beb4099f6ea0e40072d2aaec0f
Author: Sosuke Suzuki <aosukeke at gmail.com>
Date: 2024-05-22 (Wed, 22 May 2024)
Changed paths:
M JSTests/test262/expectations.yaml
M Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp
Log Message:
-----------
[JSC] ArrayBuffer/SharedArrayBuffer constructor should check length before creating an instance
https://bugs.webkit.org/show_bug.cgi?id=272809
Reviewed by Darin Adler.
According to the specs[1][2], the constructors for ArrayBuffer and SharedArrayBuffer should check
if `byteLength > maxByteLength` and throw a `RangeError` before creating an instance.
This patch changes to perform these checks before creating an instance.
In `toTypedArrayIndex`, there is an observable side effect of throwing a `RangeError` when `length`
exceeds `MAX_ARRAY_BUFFER_SIZE`. So, this patch uses `toNumber` instead when checking
`byteLength > maxByteLength`.
[1]: https://tc39.es/ecma262/#sec-allocatearraybuffer
[2]: https://tc39.es/ecma262/#sec-allocatesharedarraybuffer
* JSTests/test262/expectations.yaml:
* Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp:
(JSC::JSGenericArrayBufferConstructor<sharingMode>::constructImpl):
Canonical link: https://commits.webkit.org/279181@main
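
The ordering described in the log message is observable from script, because creating the instance reads `prototype` from the new target. The probe below is an added example, not part of the commit or of WebKit's tests; `makeObservedNewTarget`, `probeOrder` and the two model classes are hypothetical names, and the models are constructed stand-ins for the check-first and create-first orderings.

```javascript
// Added example, not WebKit code. All names here are hypothetical.

// A newTarget whose "prototype" lookup is logged. Creating the instance is
// the step that performs this lookup, so the log shows whether it happened.
function makeObservedNewTarget(log) {
  const target = function () {}.bind(null); // bound function: no own "prototype"
  Object.defineProperty(target, "prototype", {
    get() { log.push("get prototype"); return Object.prototype; },
  });
  return target;
}

// Construct Ctor with byteLength 10 > maxByteLength 5 and report the order.
function probeOrder(Ctor) {
  const log = [];
  let thrown = null;
  try {
    Reflect.construct(Ctor, [10, { maxByteLength: 5 }], makeObservedNewTarget(log));
  } catch (e) {
    thrown = e;
  }
  return {
    rangeError: thrown instanceof RangeError,
    createdInstanceFirst: log.includes("get prototype"),
  };
}

// Constructed stand-ins for the two orderings. In a derived class, super()
// is the point where the instance is created from newTarget.
const exceeds = (len, opts) => Number(len) > Number(opts.maxByteLength);
class CheckThenCreate extends Object {
  constructor(len, opts) {
    if (exceeds(len, opts)) throw new RangeError("byteLength > maxByteLength");
    super();
  }
}
class CreateThenCheck extends Object {
  constructor(len, opts) {
    super();
    if (exceeds(len, opts)) throw new RangeError("byteLength > maxByteLength");
  }
}

// Report the models, then whatever engine is running this file.
const ctors = [CheckThenCreate, CreateThenCheck, ArrayBuffer, globalThis.SharedArrayBuffer];
for (const Ctor of ctors.filter(Boolean)) console.log(Ctor.name, probeOrder(Ctor));
```

The result for `ArrayBuffer` and `SharedArrayBuffer` depends on the engine running the file; an engine without `maxByteLength` support reports `rangeError: false`.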