From a70033481ddcb4ec953e15d27d14896bb537e48c Mon Sep 17 00:00:00 2001
From: davidot <david.tuin@gmail.com>
Date: Wed, 7 Jul 2021 14:09:32 +0200
Subject: [PATCH] LibJS: Fix that length was sometimes cast to [ui]32

Since array-like objects can have much larger lengths even a u32 is not
sufficient.
---
 Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp b/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp
index c07c02f537..1f4bd452d1 100644
--- a/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp
+++ b/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp
@@ -362,7 +362,7 @@ JS_DEFINE_NATIVE_FUNCTION(ArrayPrototype::push)
         if (vm.exception())
             return {};
     }
-    auto new_length_value = Value((i32)new_length);
+    auto new_length_value = Value(new_length);
     this_object->set(vm.names.length, new_length_value, true);
     if (vm.exception())
         return {};
@@ -440,7 +440,7 @@ JS_DEFINE_NATIVE_FUNCTION(ArrayPrototype::pop)
     this_object->delete_property_or_throw(index);
     if (vm.exception())
         return {};
-    this_object->set(vm.names.length, Value((i32)index), true);
+    this_object->set(vm.names.length, Value(index), true);
     if (vm.exception())
         return {};
     return element;
@@ -1713,7 +1713,7 @@ JS_DEFINE_NATIVE_FUNCTION(ArrayPrototype::splice)
             return {};
     }
 
-    this_object->set(vm.names.length, Value((i32)new_length), true);
+    this_object->set(vm.names.length, Value(new_length), true);
     if (vm.exception())
         return {};