[webkit-changes] [WebKit/WebKit] 770460: [JSC] `Uint8Array#setFromBase64` should decode and...

Sun, 21 Jul 2024 12:31:04 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 77046030809c04655dc91b43a43715b43235033e
      
https://github.com/WebKit/WebKit/commit/77046030809c04655dc91b43a43715b43235033e
  Author: Sosuke Suzuki <aosuk...@gmail.com>
  Date:   2024-07-21 (Sun, 21 Jul 2024)

  Changed paths:
    A JSTests/stress/uint8array-setFromBase64-write-up-to-error.js
    M JSTests/test262/expectations.yaml
    M Source/JavaScriptCore/runtime/JSGenericTypedArrayView.cpp
    M Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h
    M Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructor.cpp
    M Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototype.cpp

  Log Message:
  -----------
  [JSC] `Uint8Array#setFromBase64` should decode and write chunks which occur 
prior to bad data
https://bugs.webkit.org/show_bug.cgi?id=276859

Reviewed by Yusuke Suzuki.

According to the spec[1][2] and the test[3], Uint8Array.prototype.setFromBase64 
throws a SyntaxError
when encountering bad data but writes the decoded chunks prior to bad data.

However, the current JSC discards the decoded data upon encountering bad data 
and throws an error.

The fromBase64 internal function returns a value of type
std::optional<std::pair<size_t, Vector<uint8_t>>>. Returning std::nullopt 
indicates a decoding
failure. This patch changes it to return a tuple of std::tuple<bool, size_t, 
Vector<uint8_t>>,
where the initial bool determines whether to throw an error.

[1]: 
https://tc39.es/proposal-arraybuffer-base64/spec/#sec-uint8array.prototype.setfrombase64
[2]: https://tc39.es/proposal-arraybuffer-base64/spec/#sec-frombase64
[3]: 
https://github.com/tc39/test262/blob/main/test/built-ins/Uint8Array/prototype/setFromBase64/writes-up-to-error.js

* JSTests/stress/uint8array-setFromBase64-write-up-to-error.js: Added.
(shouldBe):
(shouldThrow):
* JSTests/test262/expectations.yaml:
* Source/JavaScriptCore/runtime/JSGenericTypedArrayView.cpp:
(JSC::fromBase64):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h:
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):

Canonical link: https://commits.webkit.org/281174@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to