LibJS: Use Array::create() length arg in favor of set_array_like_size()

This way we don't bypass the maximum length check.
2025-07-25 21:27:35 +00:00 · 2021-06-06 23:27:47 +01:00 · 2021-06-06 23:27:47 +01:00 · 3dfd450f2d
commit 3dfd450f2d
parent 1c906b07a4
2 changed files with 6 additions and 4 deletions
--- a/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp
+++ b/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp
@ -150,8 +150,9 @@ JS_DEFINE_NATIVE_FUNCTION(ArrayPrototype::map)
    auto initial_length = length_of_array_like(global_object, *this_object);
    if (vm.exception())
        return {};
-    auto* new_array = Array::create(global_object);
-    new_array->indexed_properties().set_array_like_size(initial_length);
+    auto* new_array = Array::create(global_object, initial_length);
+    if (vm.exception())
+        return {};
    for_each_item(vm, global_object, "map", [&](auto index, auto, auto callback_result) {
        if (vm.exception())
            return IterationDecision::Break;
--- a/Userland/Libraries/LibJS/Runtime/RegExpPrototype.cpp
+++ b/Userland/Libraries/LibJS/Runtime/RegExpPrototype.cpp
@ -166,8 +166,9 @@ JS_DEFINE_NATIVE_FUNCTION(RegExpPrototype::exec)
    auto& match = result.matches[0];

    // FIXME: Do code point index correction if the Unicode flag is set.
-    auto* array = Array::create(global_object);
-    array->indexed_properties().set_array_like_size(result.n_capture_groups + 1);
+    auto* array = Array::create(global_object, result.n_capture_groups + 1);
+    if (vm.exception())
+        return {};
    array->define_property(vm.names.index, Value((i32)match.global_offset));
    array->define_property(vm.names.input, js_string(vm, str));
    array->indexed_properties().put(array, 0, js_string(vm, match.view.to_string()));