mirrors/escargot
2
0
Fork 0
mirror of https://github.com/Samsung/escargot.git synced 2026-06-22 10:01:50 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add size checking on ArrayBuffer.prototype.transfer

Browse source 
Signed-off-by: Seonghyun Kim <sh8281.kim@samsung.com>
This commit is contained in:
Seonghyun Kim 2026-05-21 11:19:50 +09:00 committed by MuHong Byun
commit 36f5fb5836
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/builtins/BuiltinArrayBuffer.cpp
View file

@ -148,9 +148,13 @@ static Value builtinArrayBufferTransfer(ExecutionState& state, Value thisValue,
newByteLength = argv[0].toIndex(state);
}
obj->throwTypeErrorIfDetached(state);
Optional<uint64_t> maxLength;
if (obj->isResizableArrayBuffer()) {
maxLength = obj->maxByteLength();
if (newByteLength > maxLength.value()) {
ErrorObject::throwBuiltinError(state, ErrorCode::RangeError, state.context()->staticStrings().ArrayBuffer.string(), true, state.context()->staticStrings().transfer.string(), ErrorObject::Messages::GlobalObject_FirstArgumentInvalidLength);
}
}
ArrayBuffer* newValue = ArrayBufferObject::allocateArrayBuffer(state, state.context()->globalObject()->arrayBuffer(), newByteLength, maxLength);

2
test/vendortest

@ -1 +1 @@
Subproject commit e17c4680af0a133981ab19aa6ea0b67bd705f66c
Subproject commit a381b0eb941323dbdd2ba4285ce0affaf92fef1c