RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 13:37:45 +00:00
Code Issues Activity Actions

LibJS: Have Uint8ClampedArray delegate OOB accesses to JS::Object

Browse source 
Uint8ClampedArray itself only cares about legitimate in-bounds accesses
since that's what where the specialization happens.
This commit is contained in:
Andreas Kling 2020-12-01 17:10:57 +01:00
parent f2c7caf2db
commit 93feb7a81f
2 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Libraries/LibJS/Runtime/Object.h
View file

@ -163,9 +163,10 @@ protected:
explicit Object(GlobalObjectTag); explicit Object(GlobalObjectTag);
Object(ConstructWithoutPrototypeTag, GlobalObject&); Object(ConstructWithoutPrototypeTag, GlobalObject&);
private:
virtual Value get_by_index(u32 property_index) const; virtual Value get_by_index(u32 property_index) const;
virtual bool put_by_index(u32 property_index, Value); virtual bool put_by_index(u32 property_index, Value);
private:
bool put_own_property(Object& this_object, const StringOrSymbol& property_name, Value, PropertyAttributes attributes, PutOwnPropertyMode = PutOwnPropertyMode::Put, bool throw_exceptions = true); bool put_own_property(Object& this_object, const StringOrSymbol& property_name, Value, PropertyAttributes attributes, PutOwnPropertyMode = PutOwnPropertyMode::Put, bool throw_exceptions = true);
bool put_own_property_by_index(Object& this_object, u32 property_index, Value, PropertyAttributes attributes, PutOwnPropertyMode = PutOwnPropertyMode::Put, bool throw_exceptions = true); bool put_own_property_by_index(Object& this_object, u32 property_index, Value, PropertyAttributes attributes, PutOwnPropertyMode = PutOwnPropertyMode::Put, bool throw_exceptions = true);

7
Libraries/LibJS/Runtime/Uint8ClampedArray.cpp
View file

@ -67,8 +67,8 @@ JS_DEFINE_NATIVE_GETTER(Uint8ClampedArray::length_getter)
bool Uint8ClampedArray::put_by_index(u32 property_index, Value value) bool Uint8ClampedArray::put_by_index(u32 property_index, Value value)
{ {
// FIXME: Use attributes if (property_index >= m_length)
ASSERT(property_index < m_length); return Base::put_by_index(property_index, value);
auto number = value.to_i32(global_object()); auto number = value.to_i32(global_object());
if (vm().exception()) if (vm().exception())
return {}; return {};
@ -78,7 +78,8 @@ bool Uint8ClampedArray::put_by_index(u32 property_index, Value value)
Value Uint8ClampedArray::get_by_index(u32 property_index) const Value Uint8ClampedArray::get_by_index(u32 property_index) const
{ {
ASSERT(property_index < m_length); if (property_index >= m_length)
return Base::get_by_index(property_index);
return Value((i32)m_data[property_index]); return Value((i32)m_data[property_index]);
} }