From 00a83a295774089e21080d173e3b33da8bf5fd17 Mon Sep 17 00:00:00 2001 From: Luke Date: Thu, 10 Jun 2021 03:40:54 +0100 Subject: [PATCH] LibJS: Make removed elements in Array.prototype.splice spec compliant It wasn't using has_property, was directly appending to indexed properties and wasn't setting the length. --- .../Libraries/LibJS/Runtime/ArrayPrototype.cpp | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp b/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp index 9e7d6dc48f..af608a00e5 100644 --- a/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp +++ b/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp @@ -905,13 +905,26 @@ JS_DEFINE_NATIVE_FUNCTION(ArrayPrototype::splice) return {}; for (size_t i = 0; i < actual_delete_count; ++i) { - auto value = this_object->get(actual_start + i); + auto from = actual_start + i; + bool from_present = this_object->has_property(from); if (vm.exception()) return {}; - removed_elements->indexed_properties().append(value); + if (from_present) { + auto from_value = this_object->get(actual_start + i); + if (vm.exception()) + return {}; + + removed_elements->define_property(i, from_value); + if (vm.exception()) + return {}; + } } + removed_elements->put(vm.names.length, Value(actual_delete_count)); + if (vm.exception()) + return {}; + if (insert_count < actual_delete_count) { for (size_t i = actual_start; i < initial_length - actual_delete_count; ++i) { auto from = this_object->get(i + actual_delete_count);