From bc95201aaf9021f36793b7640d320f88fd933d95 Mon Sep 17 00:00:00 2001
From: Idan Horowitz <idan.horowitz@gmail.com>
Date: Thu, 10 Jun 2021 22:39:44 +0300
Subject: [PATCH] LibJS: Dont mask non-RangeError exceptions in ArrayBuffer
 construction

Non-RangeError exceptions can be thrown by user implementations of
valueOf (which are called by to_index), and the specification disallows
changing the type of the thrown error.
---
 .../Libraries/LibJS/Runtime/ArrayBufferConstructor.cpp    | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibJS/Runtime/ArrayBufferConstructor.cpp b/Userland/Libraries/LibJS/Runtime/ArrayBufferConstructor.cpp
index 46adf163ac..99e4239c8d 100644
--- a/Userland/Libraries/LibJS/Runtime/ArrayBufferConstructor.cpp
+++ b/Userland/Libraries/LibJS/Runtime/ArrayBufferConstructor.cpp
@@ -45,9 +45,11 @@ Value ArrayBufferConstructor::construct(Function&)
     auto& vm = this->vm();
     auto byte_length = vm.argument(0).to_index(global_object());
     if (vm.exception()) {
-        // Re-throw more specific RangeError
-        vm.clear_exception();
-        vm.throw_exception<RangeError>(global_object(), ErrorType::InvalidLength, "array buffer");
+        if (vm.exception()->value().is_object() && is<RangeError>(vm.exception()->value().as_object())) {
+            // Re-throw more specific RangeError
+            vm.clear_exception();
+            vm.throw_exception<RangeError>(global_object(), ErrorType::InvalidLength, "array buffer");
+        }
         return {};
     }
     return ArrayBuffer::create(global_object(), byte_length);