mirrors/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity.git synced 2025-01-23 18:02:05 -05:00
Code Issues Projects Releases Packages Wiki Activity
21987 commits 1 branch 0 tags 514 MiB
Commit graph

518 commits

Author SHA1 Message Date
Linus Groh
f9b1a9e60c LibJS: Let RegExp.string get RegExp.prototype from the global object directly 
We can't assume that RegExp on the global object is still the original
constructor, or an object at all.

This makes '--RegExp<</<</</,/</x/' work. :^)

Found by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29740
 2021-01-29 20:50:22 +01:00
Linus Groh
509e5a3045 LibJS: Fix crash when printing error for missing class extends value prototype 
If it's missing we get an empty value, but we can't use that with
to_string_without_side_effects() so we have to use undefined as the
default.

Fixes #5142.
 2021-01-28 10:24:18 +01:00
Andreas Kling
803a20fa86 LibJS: Call the correct base class in LexicalEnvironment::visit_edges() 
We were calling directly up to Cell, skipping over ScopeObject.
This made us not mark the scope chain parent for lexical environments,
sometimes causing them to get GC'd and use-after-free'd.

Found by Fuzzilli.

Fixes #5140.
 2021-01-28 10:15:24 +01:00
Andreas Kling
f6c6047e49 LibJS: Add overflow checks when creating TypedArray from ArrayBuffer 
Thanks to Iliad for finding this! :^)
 2021-01-27 07:57:07 +01:00
Andreas Kling
f3f2d77624 LibJS: Remove an unused TypedArray constructor 2021-01-25 23:23:33 +01:00
asynts
eea72b9b5c Everywhere: Hook up remaining debug macros to Debug.h. 2021-01-25 09:47:36 +01:00
asynts
acdcf59a33 Everywhere: Remove unnecessary debug comments. 
It would be tempting to uncomment these statements, but that won't work
with the new changes.

This was done with the following commands:

    find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/#define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/#define/ { toggle = 1 }' {} \;

    find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/ #define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/ #define/ { toggle = 1 }' {} \;
 2021-01-25 09:47:36 +01:00
Linus Groh
02cca92763 LibJS: Set length of TypedArray constructors to 3 
https://tc39.es/ecma262/#sec-typedarray-constructors

    Each TypedArray constructor [...] has a "length" property whose
    value is 3.
 2021-01-24 22:24:10 +01:00
Andreas Kling
7a71d4b887 LibJS: Add some assertions and tests for TypedArray limitations 2021-01-24 19:08:44 +01:00
Andreas Kling
0e3ee03e2b LibJS: Throw exception on too large TypedArray construction request 
We will now throw a RangeError in these cases:

* new TypedArray with >= INT32_MAX entries
* new TypedArray whose ArrayBuffer allocation size computation would
  cause a 32-bit unsigned overflow.
 2021-01-24 18:55:06 +01:00
Linus Groh
f37d3f25e6 LibJS: Remove redundant exception check from ClassExpression::execute() 
as_object() cannot fail, leftover from ea55453.
 2021-01-24 00:40:22 +01:00
Linus Groh
766f30f593 LibJS: Check if class extends value has a valid prototype 
If we have a function as class extends value, we still cannot assume
that it has a prototype property and that property has a function or
null as its value - blindly calling to_object() on it may fail.

Fixes #5075.
 2021-01-24 00:09:18 +01:00
Nico Weber
8ccd8b4a6f LibJS: Include <typeinfo> in AST.cpp 
Without this, the oss-fuzz build says:

../Userland/Libraries/LibJS/AST.cpp:58:34: error: member access into incomplete type 'const std::type_info'
    return demangle(typeid(*this).name()).substring(4);
                                 ^
 2021-01-20 21:00:27 +01:00
Andreas Kling
81839ea1bd LibJS: Add JS::NativeFunction to the forwarding header 2021-01-18 12:18:29 +01:00
Andreas Kling
4da913bfab LibJS: Replace ASTNode::class_name() with RTTI 
This is only used for debugging anyway, so performance doesn't matter
too much.
 2021-01-17 14:36:53 +01:00
Linus Groh
f253f68768 LibJS: Rename ErrorType::ProxyGetOwnDescriptor{Undef => Undefined}Return 
This seems like an unnecessary and uncommon abbreviation.
 2021-01-14 08:13:32 +01:00
Linus Groh
cab3049dcc LibJS: Rename ErrorType::ToObjectNullOr{Undef => Undefined} 
This seems like an unnecessary and uncommon abbreviation.
 2021-01-14 08:13:32 +01:00
Andreas Kling
13d7c09125 Libraries: Move to Userland/Libraries/ 2021-01-12 12:17:46 +01:00