mirror of
https://github.com/RGBCube/serenity
synced 2025-05-28 13:55:06 +00:00
LibJS: Check for add overflow in DataViewConstructor
Use the Checked type from AK to verify that offset + view_byte_length is buffer_byte_length at most.
This commit is contained in:
parent
bbfafa19b4
commit
f97e664d8f
2 changed files with 9 additions and 1 deletions
|
@ -0,0 +1,6 @@
|
|||
test("Issue #13451, integer overflow in offset + view_byte_length", () => {
|
||||
const arrayBuffer = new ArrayBuffer(1);
|
||||
expect(() => {
|
||||
new DataView(arrayBuffer, 1, 1024 * 1024 * 1024 * 4 - 1);
|
||||
}).toThrowWithMessage(RangeError, "Invalid DataView length");
|
||||
});
|
Loading…
Add table
Add a link
Reference in a new issue