mirrors/escargot
2
0
Fork 0
mirror of https://github.com/Samsung/escargot.git synced 2026-06-22 10:01:50 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix crash in ArrayBuffer transfer

Browse source 
Signed-off-by: Seonghyun Kim <sh8281.kim@samsung.com>
This commit is contained in:
Seonghyun Kim 2026-05-26 19:24:40 +09:00
commit 119090d165
2 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/builtins/BuiltinArrayBuffer.cpp
View file

@ -146,6 +146,9 @@ static Value builtinArrayBufferTransfer(ExecutionState& state, Value thisValue,
uint64_t newByteLength = obj->byteLength();
if (argc > 0 && !argv[0].isUndefined()) {
newByteLength = argv[0].toIndex(state);
if (UNLIKELY(newByteLength == Value::InvalidIndexValue)) {
ErrorObject::throwBuiltinError(state, ErrorCode::RangeError, state.context()->staticStrings().ArrayBuffer.string(), true, state.context()->staticStrings().transfer.string(), ErrorObject::Messages::GlobalObject_FirstArgumentInvalidLength);
}
}
obj->throwTypeErrorIfDetached(state);
@ -155,8 +158,11 @@ static Value builtinArrayBufferTransfer(ExecutionState& state, Value thisValue,
if (newByteLength > maxLength.value()) {
ErrorObject::throwBuiltinError(state, ErrorCode::RangeError, state.context()->staticStrings().ArrayBuffer.string(), true, state.context()->staticStrings().transfer.string(), ErrorObject::Messages::GlobalObject_FirstArgumentInvalidLength);
}
} else {
// For non-resizable ArrayBuffer, the new buffer should also be non-resizable
maxLength = newByteLength;
}
ArrayBuffer* newValue = ArrayBufferObject::allocateArrayBuffer(state, state.context()->globalObject()->arrayBuffer(), newByteLength, maxLength);
ArrayBuffer* newValue = ArrayBufferObject::allocateArrayBuffer(state, state.context()->globalObject()->arrayBuffer(), newByteLength, maxLength, obj->isResizableArrayBuffer());
// Let copyLength be min(newByteLength, O.[[ArrayBufferByteLength]]).
// Perform CopyDataBlockBytes(toBlock, 0, fromBlock, 0, copyLength).
@ -175,6 +181,9 @@ static Value builtinArrayBufferTransferToFixedLength(ExecutionState& state, Valu
uint64_t newByteLength = obj->byteLength();
if (argc > 0 && !argv[0].isUndefined()) {
newByteLength = argv[0].toIndex(state);
if (UNLIKELY(newByteLength == Value::InvalidIndexValue)) {
ErrorObject::throwBuiltinError(state, ErrorCode::RangeError, state.context()->staticStrings().ArrayBuffer.string(), true, state.context()->staticStrings().transferToFixedLength.string(), ErrorObject::Messages::GlobalObject_FirstArgumentInvalidLength);
}
}
ArrayBuffer* newValue = ArrayBufferObject::allocateArrayBuffer(state, state.context()->globalObject()->arrayBuffer(), newByteLength, newByteLength, false);

2
test/vendortest

@ -1 +1 @@
Subproject commit a381b0eb941323dbdd2ba4285ce0affaf92fef1c
Subproject commit 48d330ff01dca5b8238a0c92f9d212ac05620b62