RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 23:27:43 +00:00
Code Issues Activity Actions

LibJS: Protect CanonicalIndex against double-to-integer overflow

Browse source 
Explicitly disallow constructing a CanonicalIndex from a floating point
type without going through a factory method that will throw when the
provided index cannot fit in a u32.
This commit is contained in:
Timothy Flynn 2022-12-07 08:11:05 -05:00 committed by Linus Groh
parent 8f46cb83c7
commit d37d6b3479
3 changed files with 59 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

38
Userland/Libraries/LibJS/Tests/builtins/TypedArray/TypedArray.prototype.with.js
View file

@ -12,6 +12,44 @@ const TYPED_ARRAYS = [
const BIGINT_TYPED_ARRAYS = [BigUint64Array, BigInt64Array];
describe("errors", () => {
test("index out of range", () => {
TYPED_ARRAYS.forEach(T => {
const array = new T([1, 2, 3]);
expect(() => {
array.with(3, 10);
}).toThrowWithMessage(RangeError, "Invalid integer index: 3");
expect(() => {
array.with(-4, 10);
}).toThrowWithMessage(RangeError, "Invalid integer index: -1");
});
});
test("invalid index", () => {
TYPED_ARRAYS.forEach(T => {
const array = new T([1, 2, 3]);
expect(() => {
array.with(2 ** 53, 10);
}).toThrowWithMessage(RangeError, "Invalid integer index: 9007199254740992");
expect(() => {
array.with(-(2 ** 53), 10);
}).toThrowWithMessage(RangeError, "Invalid integer index: -9007199254740989");
expect(() => {
array.with(Infinity, 10);
}).toThrowWithMessage(RangeError, "Invalid integer index: inf");
expect(() => {
array.with(-Infinity, 10);
}).toThrowWithMessage(RangeError, "Invalid integer index: -inf");
});
});
});
describe("normal behavior", () => {
test("length is 2", () => {
TYPED_ARRAYS.forEach(T => {