
LibJS: Ensure enlarged ArrayBuffers are filled with zeros

Otherwise, the newly allocated bytes are uninitialized, causing UB when
reading from the buffer immediately after an enlarging resize.
This commit is contained in:
Timothy Flynn 2023-12-27 08:41:22 -05:00 committed by Andreas Kling
parent cabd599c8b
commit 916cb256de
2 changed files with 35 additions and 1 deletions


@ -149,7 +149,7 @@ VM::VM(OwnPtr<CustomData> custom_data, ErrorMessages error_messages)
// The default implementation of HostResizeArrayBuffer is to return NormalCompletion(unhandled).
if (auto result = buffer.buffer().try_resize(new_byte_length); result.is_error())
if (auto result = buffer.buffer().try_resize(new_byte_length, ByteBuffer::ZeroFillNewElements::Yes); result.is_error())
return throw_completion<RangeError>(ErrorType::NotEnoughMemoryToAllocate, new_byte_length);
return HandledByHost::Handled;
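Review bot: The new `try_resize(new_byte_length, ByteBuffer::ZeroFillNewElements::Yes)` call carries no comment saying why the zero-fill is mandatory, so a later "optimisation" could drop the flag and silently reintroduce the bug. I would add above it: `// Newly allocated bytes must be zero-filled: the spec's resize path hands script a fresh zeroed data block, and leaving them uninitialized would expose stale heap contents to JS.` The comment on the line above still says the default host hook returns NormalCompletion(unhandled) while the visible code returns `HandledByHost::Handled`; that mismatch predates this change but is worth reconciling in the same spot. The enclosing host hook starts and ends outside the hunk, and only five of the seven header-declared lines are shown here.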