From 93feb7a81fe7c1ca9603d94d24eeb5822c0c56f7 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Tue, 1 Dec 2020 17:10:57 +0100
Subject: [PATCH] LibJS: Have Uint8ClampedArray delegate OOB accesses to JS::Object

Uint8ClampedArray itself only cares about legitimate in-bounds accesses since that's what where the specialization happens.
---
 Libraries/LibJS/Runtime/Object.h | 3 ++-
 Libraries/LibJS/Runtime/Uint8ClampedArray.cpp | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/Libraries/LibJS/Runtime/Object.h b/Libraries/LibJS/Runtime/Object.h
index f871d141df..5caa6780c4 100644
--- a/Libraries/LibJS/Runtime/Object.h
+++ b/Libraries/LibJS/Runtime/Object.h
@@ -163,9 +163,10 @@ protected:
 explicit Object(GlobalObjectTag);
 Object(ConstructWithoutPrototypeTag, GlobalObject&);
-private:
 virtual Value get_by_index(u32 property_index) const;
 virtual bool put_by_index(u32 property_index, Value);
+
+private:
 bool put_own_property(Object& this_object, const StringOrSymbol& property_name, Value, PropertyAttributes attributes, PutOwnPropertyMode = PutOwnPropertyMode::Put, bool throw_exceptions = true);
 bool put_own_property_by_index(Object& this_object, u32 property_index, Value, PropertyAttributes attributes, PutOwnPropertyMode = PutOwnPropertyMode::Put, bool throw_exceptions = true);
diff --git a/Libraries/LibJS/Runtime/Uint8ClampedArray.cpp b/Libraries/LibJS/Runtime/Uint8ClampedArray.cpp
index bd9b6e5367..aa5bcbf36c 100644
--- a/Libraries/LibJS/Runtime/Uint8ClampedArray.cpp
+++ b/Libraries/LibJS/Runtime/Uint8ClampedArray.cpp
@@ -67,8 +67,8 @@ JS_DEFINE_NATIVE_GETTER(Uint8ClampedArray::length_getter)
 bool Uint8ClampedArray::put_by_index(u32 property_index, Value value)
 {
- // FIXME: Use attributes
- ASSERT(property_index < m_length);
+ if (property_index >= m_length)
+ return Base::put_by_index(property_index, value);
 auto number = value.to_i32(global_object());
 if (vm().exception())
 return {};
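Review bot: `get_by_index` and `put_by_index` become protected in this hunk without a comment saying what an override owes its callers, and the removed ASSERTs in Uint8ClampedArray.cpp show that callers do pass out-of-range indices. A subclass that indexes its own buffer in an override therefore has to bounds-check for itself. I would add above the two declarations: `// Indexed-access hooks: an override must bounds-check property_index itself and may pass indices it does not own to Object.` The class body continues outside the hunk on both sides.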
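Review bot: In `put_by_index` the new `property_index >= m_length` check runs before `value.to_i32(global_object())`, and the `vm().exception()` test right after it suggests the conversion can run script. If such script could ever change `m_length` or the backing store (not visible in this hunk), the index would be stale by the time of the store, which lies below the hunk. Moving the bounds check below the exception check keeps the check next to the store. Alternatively, record the invariant in a comment such as `// m_length and m_data are fixed after construction, so this check cannot go stale.`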
@@ -78,7 +78,8 @@ bool Uint8ClampedArray::put_by_index(u32 property_index, Value value)
 Value Uint8ClampedArray::get_by_index(u32 property_index) const
 {
- ASSERT(property_index < m_length);
+ if (property_index >= m_length)
+ return Base::get_by_index(property_index);
 return Value((i32)m_data[property_index]);
 }
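Review bot: Out-of-range reads in `get_by_index` now go to `Base::get_by_index(property_index)`, and the `put_by_index` hunk delegates out-of-range writes the same way. Indices at or past `m_length` therefore presumably become ordinary indexed properties stored on the object. For a typed array the usual expectation is that such reads yield undefined and such writes are dropped. If that is the intended end state, the read path could be `return js_undefined();` and the write path could return without storing. If the delegation is a deliberate interim step, a short comment at both sites and a test that reads and writes one index past the length would pin the behaviour.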