Title: [263315] trunk
- Revision
- 263315
- Author
- commit-qu...@webkit.org
- Date
- 2020-06-19 21:06:38 -0700 (Fri, 19 Jun 2020)
Log Message
Typed array constructor behaves differently when length is not passed or when undefined is passed
https://bugs.webkit.org/show_bug.cgi?id=184232
Patch by James Darpinian <jdarpin...@chromium.org> on 2020-06-19
Reviewed by Yusuke Suzuki.
Passing undefined for length should have the same effect as omitting the argument. It was being
treated as 0 instead.
* runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructGenericTypedArrayView):
Modified Paths
Added Paths
Diff
Added: trunk/JSTests/stress/typed-array-constructor-undefined.js (0 => 263315)
--- trunk/JSTests/stress/typed-array-constructor-undefined.js (rev 0)
+++ trunk/JSTests/stress/typed-array-constructor-undefined.js 2020-06-20 04:06:38 UTC (rev 263315)
@@ -0,0 +1,4 @@
+// Undefined for length argument of typed array constructor should be treated
+// the same as if the argument was omitted, meaning the whole buffer is used.
+if (new Uint8Array(new ArrayBuffer(3), 0, undefined).length != 3)
+ throw "undefined length should result in the whole buffer being used";
Modified: trunk/Source/_javascript_Core/ChangeLog (263314 => 263315)
--- trunk/Source/_javascript_Core/ChangeLog 2020-06-20 04:02:49 UTC (rev 263314)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-06-20 04:06:38 UTC (rev 263315)
@@ -1,3 +1,16 @@
+2020-06-19 James Darpinian <jdarpin...@chromium.org>
+
+ Typed array constructor behaves differently when length is not passed or when undefined is passed
+ https://bugs.webkit.org/show_bug.cgi?id=184232
+
+ Reviewed by Yusuke Suzuki.
+
+ Passing undefined for length should have the same effect as omitting the argument. It was being
+ treated as 0 instead.
+
+ * runtime/JSGenericTypedArrayViewConstructorInlines.h:
+ (JSC::constructGenericTypedArrayView):
+
2020-06-19 Yusuke Suzuki <ysuz...@apple.com>
[JSC] Attempt to reduce timeout failures on Apple Watch Series 3
Modified: trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewConstructorInlines.h (263314 => 263315)
--- trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewConstructorInlines.h 2020-06-20 04:02:49 UTC (rev 263314)
+++ trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewConstructorInlines.h 2020-06-20 04:06:38 UTC (rev 263315)
@@ -234,15 +234,10 @@
RETURN_IF_EXCEPTION(scope, encodedJSValue());
if (argCount > 2) {
- if (ViewClass::TypedArrayStorageType == TypeDataView) {
- // If the DataView byteLength is present but undefined, treat it as missing.
- JSValue byteLengthValue = callFrame->uncheckedArgument(2);
- if (!byteLengthValue.isUndefined()) {
- length = byteLengthValue.toIndex(globalObject, "byteLength");
- RETURN_IF_EXCEPTION(scope, encodedJSValue());
- }
- } else {
- length = callFrame->uncheckedArgument(2).toIndex(globalObject, "length");
+ // If the length value is present but undefined, treat it as missing.
+ JSValue lengthValue = callFrame->uncheckedArgument(2);
+ if (!lengthValue.isUndefined()) {
+ length = lengthValue.toIndex(globalObject, ViewClass::TypedArrayStorageType == TypeDataView ? "byteLength" : "length");
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
