Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2b5ed009bee397beb4099f6ea0e40072d2aaec0f
    https://github.com/WebKit/WebKit/commit/2b5ed009bee397beb4099f6ea0e40072d2aaec0f
Author: Sosuke Suzuki <aosuk...@gmail.com>
Date: 2024-05-22 (Wed, 22 May 2024)

Changed paths:
  M JSTests/test262/expectations.yaml
  M Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp

Log Message:
-----------
[JSC] ArrayBuffer/SharedArrayBuffer constructor should check length before creating an instance
https://bugs.webkit.org/show_bug.cgi?id=272809

Reviewed by Darin Adler.

According to the specs[1][2], the constructors for ArrayBuffer and SharedArrayBuffer should check if `byteLength > maxByteLength` and throw a `RangeError` before creating an instance. This patch changes to perform these checks before creating an instance.

`toTypedArrayIndex`, there is an observable side effect of throwing a `RangeError` when `length` exceeds `MAX_ARRAY_BUFFER_SIZE`. So, this patch uses `toNumber` instead when checking `byteLength > maxByteLength`.

[1]: https://tc39.es/ecma262/#sec-allocatearraybuffer
[2]: https://tc39.es/ecma262/#sec-allocatesharedarraybuffer

* JSTests/test262/expectations.yaml:
* Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp:
(JSC::JSGenericArrayBufferConstructor<sharingMode>::constructImpl):

Canonical link: https://commits.webkit.org/279181@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
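
The ordering described in the log message above, as an added example that is not part of the commit or of JavaScriptCore: a plain-JavaScript model of "create the instance, then check" versus "check, then create", plus a probe that runs the same observation against whatever engine executes it. The names `allocateModel`, `createFromConstructor` and `observe`, and the sample sizes 10 and 5, are constructed for illustration.

```javascript
// Added illustration: models the step order only, it does not call JSC internals.

// Stand-in for OrdinaryCreateFromConstructor. Reading newTarget.prototype is
// the step that user code can observe.
function createFromConstructor(newTarget) {
  const proto = newTarget.prototype;
  const ok = typeof proto === "object" && proto !== null;
  return Object.create(ok ? proto : ArrayBuffer.prototype);
}

// checkFirst = false: instance is created before the length check.
// checkFirst = true:  length check happens first, as the spec requires.
function allocateModel(newTarget, byteLength, maxByteLength, checkFirst) {
  let instance;
  if (!checkFirst) instance = createFromConstructor(newTarget);
  if (maxByteLength !== undefined && byteLength > maxByteLength) {
    throw new RangeError("byteLength exceeds maxByteLength");
  }
  if (checkFirst) instance = createFromConstructor(newTarget);
  return instance;
}

// Runs `construct` with a constructed newTarget that logs every read of its
// "prototype" property, and returns the sequence of observable events.
function observe(construct) {
  const log = [];
  const newTarget = new Proxy(function () {}, {
    get(target, key, receiver) {
      if (key === "prototype") log.push("get prototype");
      return Reflect.get(target, key, receiver);
    },
  });
  try {
    construct(newTarget);
    log.push("allocated");
  } catch (e) {
    log.push(e.name);
  }
  return log;
}

const modelCreateFirst = () => observe((nt) => allocateModel(nt, 10, 5, false));
const modelCheckFirst = () => observe((nt) => allocateModel(nt, 10, 5, true));
// Probe of the host engine; the result depends on the engine and its version.
const probeEngine = () =>
  observe((nt) => Reflect.construct(ArrayBuffer, [10, { maxByteLength: 5 }], nt));

console.log(modelCreateFirst(), modelCheckFirst(), probeEngine());
```

An engine that follows the spec order reports only `RangeError` from `probeEngine()`; a `get prototype` entry ahead of the error means the instance path ran before the length check.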