LibJS: Ensure enlarged ArrayBuffers are filled with zeros
Otherwise, the newly allocated bytes are uninitialized, causing UB when reading from the buffer immediately after an enlarging resize.
This commit is contained in:
parent
cabd599c8b
commit
916cb256de
2 changed files with 35 additions and 1 deletions
@ -149,7 +149,7 @@ VM::VM(OwnPtr<CustomData> custom_data, ErrorMessages error_messages)
// The default implementation of HostResizeArrayBuffer is to return NormalCompletion(unhandled).
if (auto result = buffer.buffer().try_resize(new_byte_length); result.is_error())
if (auto result = buffer.buffer().try_resize(new_byte_length, ByteBuffer::ZeroFillNewElements::Yes); result.is_error())
return throw_completion<RangeError>(ErrorType::NotEnoughMemoryToAllocate, new_byte_length);
return HandledByHost::Handled;
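Review bot: The new `ByteBuffer::ZeroFillNewElements::Yes` argument on the `try_resize` call is the whole point of the commit, yet nothing at the call site records why it is there, so a later "optimisation" could quietly drop it. I would add directly above the call: `// Bytes gained by an enlarging resize must read as zero: the resize semantics treat the grown region as a fresh zeroed block, and exposing uninitialized heap memory to script is both UB and a disclosure of whatever the allocator last held.` Separately, the comment on the hunk's first context line says the default implementation returns NormalCompletion(unhandled), while the visible tail returns `HandledByHost::Handled`; that wording predates this commit but appears stale and could be corrected in the same pass. The enclosing function begins outside the hunk.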