From 7a71d4b887b22590ed99aaac64a74dcb0fd2900b Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sun, 24 Jan 2021 18:52:57 +0100
Subject: [PATCH] LibJS: Add some assertions and tests for TypedArray limitations

---
 Userland/Libraries/LibJS/Runtime/TypedArray.h | 3 +++
 .../builtins/TypedArray/typed-array-limits.js | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 Userland/Libraries/LibJS/Tests/builtins/TypedArray/typed-array-limits.js

diff --git a/Userland/Libraries/LibJS/Runtime/TypedArray.h b/Userland/Libraries/LibJS/Runtime/TypedArray.h
index 1a10a1a93f..330e85a9ba 100644
--- a/Userland/Libraries/LibJS/Runtime/TypedArray.h
+++ b/Userland/Libraries/LibJS/Runtime/TypedArray.h
@@ -132,7 +132,10 @@ protected:
 TypedArray(u32 array_length, Object& prototype)
 : TypedArrayBase(prototype)
 {
+ ASSERT(!Checked::multiplication_would_overflow(array_length, sizeof(T)));
 m_viewed_array_buffer = ArrayBuffer::create(global_object(), array_length * sizeof(T));
+ if (array_length)
+ ASSERT(data() != nullptr);
 m_array_length = array_length;
 m_byte_length = m_viewed_array_buffer->byte_length();
 }
diff --git a/Userland/Libraries/LibJS/Tests/builtins/TypedArray/typed-array-limits.js b/Userland/Libraries/LibJS/Tests/builtins/TypedArray/typed-array-limits.js
new file mode 100644
index 0000000000..dcf54d3d26
--- /dev/null
+++ b/Userland/Libraries/LibJS/Tests/builtins/TypedArray/typed-array-limits.js
@@ -0,0 +1,18 @@
+test("some oversized typed arrays", () => {
+ expect(() => new Uint8Array(2 * 1024 * 1024 * 1024)).toThrowWithMessage(
+ RangeError,
+ "Invalid typed array length"
+ );
+ expect(() => new Uint16Array(2 * 1024 * 1024 * 1024)).toThrowWithMessage(
+ RangeError,
+ "Invalid typed array length"
+ );
+ expect(() => new Uint32Array(1024 * 1024 * 1024)).toThrowWithMessage(
+ RangeError,
+ "Invalid typed array length"
+ );
+ expect(() => new Uint32Array(4 * 1024 * 1024 * 1024)).toThrowWithMessage(
+ RangeError,
+ "Invalid typed array length"
+ );
+});
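Review bot: The new `ASSERT(data() != nullptr)` turns an allocation failure into a process abort on script-controlled input: `ArrayBuffer::create` is handed `array_length * sizeof(T)`, and if it cannot satisfy a large but in-range request the interpreter now aborts instead of the script receiving a catchable error, which is a cheap denial-of-service for any page that can construct a typed array. If the intent is that the length check in the constructor path (the RangeError the new test expects, which lives outside this diff) guarantees the allocation always succeeds, that contract should be stated where the assertion is, e.g. `// Callers must already have range-checked array_length; an allocation failure here is an invariant violation, not a script error.` The overflow assertion on the first added line is only a safeguard where ASSERT is compiled in; if any build configuration disables it, the `u32 * sizeof(T)` product can wrap on a 32-bit size_t and a too-small buffer is created silently, so the real bound must stay in the non-assert check. Stylistically, the two-line guard can be a single invariant, `ASSERT(!array_length || data() != nullptr);`.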
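Review bot: The test only proves that four clearly oversized lengths are rejected; it never pins the boundary, so the accepted limit can drift in either direction without any test failing. For one element type it should also assert the largest accepted length and the first rejected one, e.g. `expect(() => new Uint8Array(limit)).not.toThrow()` next to `expect(() => new Uint8Array(limit + 1)).toThrowWithMessage(RangeError, "Invalid typed array length")`, with `limit` taken from the constructor code outside this diff. A `Float64Array` case would exercise the widest element size, which is where `length * sizeof(T)` is most likely to overflow if size_t is 32 bits, the situation the new header assertion guards against. Note that `4 * 1024 * 1024 * 1024` is 2^32, so the last case also covers a length that does not fit a u32 at all; a short comment saying so would make that intent explicit.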