RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 11:57:34 +00:00
Code Issues Activity Actions

LibJS: Ensure enlarged ArrayBuffers are filled with zeros

Browse source 
Otherwise, the newly allocated bytes are uninitialized, causing UB when
reading from the buffer immediately after an enlarging resize.
This commit is contained in:
Timothy Flynn 2023-12-27 08:41:22 -05:00 committed by Andreas Kling
parent cabd599c8b
commit 916cb256de
2 changed files with 35 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Runtime/VM.cpp
View file

@ -149,7 +149,7 @@ VM::VM(OwnPtr<CustomData> custom_data, ErrorMessages error_messages)
// The default implementation of HostResizeArrayBuffer is to return NormalCompletion(unhandled).
if (auto result = buffer.buffer().try_resize(new_byte_length); result.is_error())
if (auto result = buffer.buffer().try_resize(new_byte_length, ByteBuffer::ZeroFillNewElements::Yes); result.is_error())
return throw_completion<RangeError>(ErrorType::NotEnoughMemoryToAllocate, new_byte_length);
return HandledByHost::Handled;