RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-16 13:55:00 +00:00
Code Issues Activity Actions
20616 commits 1 branch 0 tags 227 MiB
Commit graph

166 commits

Author SHA1 Message Date
Andreas Kling
91db36064f LibJS: Fix obviously wrong \uXXXX serialization in JSONObject 2021-02-04 00:09:04 +01:00
Linus Groh
50957ec78e LibJS: Fix variable name coding style int{Part => _part} 
...and rename intpart_end to int_part_end for consistency.
 2021-02-02 16:52:55 +01:00
Linus Groh
c41d340983 LibJS: Use VM::names for Object::invoke() function names 2021-02-01 10:34:45 +01:00
Linus Groh
f9b1a9e60c LibJS: Let RegExp.string get RegExp.prototype from the global object directly 
We can't assume that RegExp on the global object is still the original
constructor, or an object at all.

This makes '--RegExp<</<</</,/</x/' work. :^)

Found by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29740
 2021-01-29 20:50:22 +01:00
Andreas Kling
803a20fa86 LibJS: Call the correct base class in LexicalEnvironment::visit_edges() 
We were calling directly up to Cell, skipping over ScopeObject.
This made us not mark the scope chain parent for lexical environments,
sometimes causing them to get GC'd and use-after-free'd.

Found by Fuzzilli.

Fixes #5140.
 2021-01-28 10:15:24 +01:00
Andreas Kling
f6c6047e49 LibJS: Add overflow checks when creating TypedArray from ArrayBuffer 
Thanks to Iliad for finding this! :^)
 2021-01-27 07:57:07 +01:00
Andreas Kling
f3f2d77624 LibJS: Remove an unused TypedArray constructor 2021-01-25 23:23:33 +01:00
asynts
eea72b9b5c Everywhere: Hook up remaining debug macros to Debug.h. 2021-01-25 09:47:36 +01:00
asynts
acdcf59a33 Everywhere: Remove unnecessary debug comments. 
It would be tempting to uncomment these statements, but that won't work
with the new changes.

This was done with the following commands:

    find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/#define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/#define/ { toggle = 1 }' {} \;

    find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/ #define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/ #define/ { toggle = 1 }' {} \;
 2021-01-25 09:47:36 +01:00
Linus Groh
02cca92763 LibJS: Set length of TypedArray constructors to 3 
https://tc39.es/ecma262/#sec-typedarray-constructors

    Each TypedArray constructor [...] has a "length" property whose
    value is 3.
 2021-01-24 22:24:10 +01:00
Andreas Kling
7a71d4b887 LibJS: Add some assertions and tests for TypedArray limitations 2021-01-24 19:08:44 +01:00
Andreas Kling
0e3ee03e2b LibJS: Throw exception on too large TypedArray construction request 
We will now throw a RangeError in these cases:

* new TypedArray with >= INT32_MAX entries
* new TypedArray whose ArrayBuffer allocation size computation would
  cause a 32-bit unsigned overflow.
 2021-01-24 18:55:06 +01:00
Linus Groh
766f30f593 LibJS: Check if class extends value has a valid prototype 
If we have a function as class extends value, we still cannot assume
that it has a prototype property and that property has a function or
null as its value - blindly calling to_object() on it may fail.

Fixes #5075.
 2021-01-24 00:09:18 +01:00
Linus Groh
f253f68768 LibJS: Rename ErrorType::ProxyGetOwnDescriptor{Undef => Undefined}Return 
This seems like an unnecessary and uncommon abbreviation.
 2021-01-14 08:13:32 +01:00
Linus Groh
cab3049dcc LibJS: Rename ErrorType::ToObjectNullOr{Undef => Undefined} 
This seems like an unnecessary and uncommon abbreviation.
 2021-01-14 08:13:32 +01:00
Andreas Kling
13d7c09125 Libraries: Move to Userland/Libraries/ 2021-01-12 12:17:46 +01:00