RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 20:12:43 +00:00
Code Issues Activity Actions

LibJS: Use existing AOs to validate bytecode/JIT TypedArray indices

Browse source 
The IsValidIntegerIndex AO performs the checks we are interested in. The
manual implementation we currently have will no longer compile once the
resizable ArrayBuffer spec is implemented. The AO will be updated with
the spec implementation, so let's use it now to avoid breakage.
This commit is contained in:
Timothy Flynn 2023-12-24 15:07:43 -05:00 committed by Andreas Kling
parent 98cdf36fb0
commit a1e2f131c4
1 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
Userland/Libraries/LibJS/Bytecode/CommonImplementations.cpp
View file

@ -117,7 +117,9 @@ ThrowCompletionOr<Value> get_by_value(VM& vm, Value base_value, Value property_k
// For typed arrays:
if (object.is_typed_array()) {
auto& typed_array = static_cast<TypedArrayBase&>(object);
if (!typed_array.viewed_array_buffer()->is_detached() && index < typed_array.array_length()) {
auto canonical_index = CanonicalIndex { CanonicalIndex::Type::Index, index };
if (is_valid_integer_index(typed_array, canonical_index)) {
switch (typed_array.kind()) {
case TypedArrayBase::Kind::Uint8Array:
return fast_typed_array_get_element<u8>(typed_array, index);
@ -139,7 +141,6 @@ ThrowCompletionOr<Value> get_by_value(VM& vm, Value base_value, Value property_k
}
}
auto canonical_index = CanonicalIndex { CanonicalIndex::Type::Index, index };
switch (typed_array.kind()) {
#define __JS_ENUMERATE(ClassName, snake_name, PrototypeName, ConstructorName, Type) \
case TypedArrayBase::Kind::ClassName: \
@ -395,7 +396,9 @@ ThrowCompletionOr<void> put_by_value(VM& vm, Value base, Value property_key_valu
// For typed arrays:
if (object.is_typed_array()) {
auto& typed_array = static_cast<TypedArrayBase&>(object);
if (!typed_array.viewed_array_buffer()->is_detached() && index < typed_array.array_length() && value.is_int32()) {
auto canonical_index = CanonicalIndex { CanonicalIndex::Type::Index, index };
if (value.is_int32() && is_valid_integer_index(typed_array, canonical_index)) {
switch (typed_array.kind()) {
case TypedArrayBase::Kind::Uint8Array:
fast_typed_array_set_element<u8>(typed_array, index, static_cast<u8>(value.as_i32()));
@ -423,7 +426,7 @@ ThrowCompletionOr<void> put_by_value(VM& vm, Value base, Value property_key_valu
break;
}
}
auto canonical_index = CanonicalIndex { CanonicalIndex::Type::Index, index };
switch (typed_array.kind()) {
#define __JS_ENUMERATE(ClassName, snake_name, PrototypeName, ConstructorName, Type) \
case TypedArrayBase::Kind::ClassName: \