LibJS: Don't crash when calling byte_length for a detached ArrayBuffer

PrestonLTaylor 2023-06-30 19:44:22 +01:00 committed by Jelle Raaijmakers
parent a036346e24
commit 286bf307d2
2 changed files with 9 additions and 7 deletions


@ -32,7 +32,13 @@ public:
virtual ~ArrayBuffer() override = default; virtual ~ArrayBuffer() override = default;
size_t byte_length() const { return buffer_impl().size(); } size_t byte_length() const
{
if (is_detached())
return 0;
return buffer_impl().size();
}
// [[ArrayBufferData]] // [[ArrayBufferData]]
ByteBuffer& buffer() { return buffer_impl(); } ByteBuffer& buffer() { return buffer_impl(); }
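Review bot: `buffer()` on the context line just below the new `byte_length()` still forwards straight to `buffer_impl()`, so only the length accessor is guarded against a detached buffer. Going by the commit title, `buffer_impl()` is what crashes in that state, so a caller that reaches `buffer()` without first checking `is_detached()` would presumably hit the same abort, and detachment is a state that script can bring about. I would at least document the precondition, e.g. `// NOTE: Callers must check is_detached() first; buffer_impl() must not be reached on a detached buffer.`, and audit call sites that pair `byte_length()` with `buffer()`. The class body continues outside the hunk, so other accessors may deserve the same look.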


@ -138,15 +138,11 @@ JS_DEFINE_NATIVE_FUNCTION(ArrayBufferPrototype::byte_length_getter)
// 3. If IsSharedArrayBuffer(O) is true, throw a TypeError exception. // 3. If IsSharedArrayBuffer(O) is true, throw a TypeError exception.
// FIXME: Check for shared buffer // FIXME: Check for shared buffer
// NOTE: These steps are done in byte_length()
// 4. If IsDetachedBuffer(O) is true, return +0𝔽. // 4. If IsDetachedBuffer(O) is true, return +0𝔽.
if (array_buffer_object->is_detached())
return Value(0);
// 5. Let length be O.[[ArrayBufferByteLength]]. // 5. Let length be O.[[ArrayBufferByteLength]].
auto length = array_buffer_object->byte_length();
// 6. Return 𝔽(length). // 6. Return 𝔽(length).
return Value(length); return Value(array_buffer_object->byte_length());
} }
// 25.1.5.4 get ArrayBuffer.prototype.detached, https://tc39.es/proposal-arraybuffer-transfer/#sec-get-arraybuffer.prototype.detached // 25.1.5.4 get ArrayBuffer.prototype.detached, https://tc39.es/proposal-arraybuffer-transfer/#sec-get-arraybuffer.prototype.detached
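Review bot: Neither of the two changed files shown here appears to be a test, so the crash this fixes has no visible regression coverage. A LibJS test that detaches an ArrayBuffer and asserts that `byteLength` is 0 would pin step 4, now that the getter no longer calls `is_detached()` itself and relies on `byte_length()` for it. Without that, a later change to `byte_length()` could silently alter the spec behaviour of this getter. The `// FIXME: Check for shared buffer` for step 3 is still open as well.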