From ae3c6f3fd24fc10da1ea124dbba0d188dcf46c93 Mon Sep 17 00:00:00 2001
From: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
Date: Thu, 28 Jul 2022 02:22:14 -0700
Subject: [PATCH] Cherrypick https://github.com/WebKit/WebKit/pull/2806/commits/1085897a02110ec0e15ef337983a724e4a021212
---
 ...SGenericTypedArrayViewPrototypeFunctions.h | 24 +++++++++++++++----
 1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h
index 6251ef8db3a53..15a35567f464a 100644
--- a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h
+++ b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h
@@ -762,21 +762,35 @@ ALWAYS_INLINE EncodedJSValue genericTypedArrayViewProtoFuncSlice(VM& vm, JSGloba template ALWAYS_INLINE EncodedJSValue genericTypedArrayViewProtoFuncSubarray(VM& vm, JSGlobalObject* globalObject, CallFrame* callFrame) { - DeferTermination deferScope(vm); + // https://tc39.es/ecma262/#sec-%typedarray%.prototype.subarray + auto scope = DECLARE_THROW_SCOPE(vm); - // 22.2.3.23 + JSValue start = callFrame->argument(0); + if (UNLIKELY(!start.isInt32())) { + start = jsNumber(start.toIntegerOrInfinity(globalObject)); + RETURN_IF_EXCEPTION(scope, { }); + } + + JSValue finish = callFrame->argument(1); + if (!finish.isUndefined()) { + if (UNLIKELY(!finish.isInt32())) { + finish = jsNumber(finish.toIntegerOrInfinity(globalObject)); + RETURN_IF_EXCEPTION(scope, { }); + } + } ViewClass* thisObject = jsCast(callFrame->thisValue()); if (UNLIKELY(thisObject->isDetached())) return throwVMTypeError(globalObject, scope, typedArrayBufferHasBeenDetachedErrorMessage); - // Get the length here; later assert that the length didn't change. size_t thisLength = thisObject->length(); - size_t begin = argumentClampedIndexFromStartOrEnd(globalObject, callFrame->argument(0), thisLength); + ASSERT(start.isNumber()); + ASSERT(finish.isUndefined() || finish.isNumber()); + size_t begin = argumentClampedIndexFromStartOrEnd(globalObject, start, thisLength); RETURN_IF_EXCEPTION(scope, { }); - size_t end = argumentClampedIndexFromStartOrEnd(globalObject, callFrame->argument(1), thisLength, thisLength); + size_t end = argumentClampedIndexFromStartOrEnd(globalObject, finish, thisLength, thisLength); RETURN_IF_EXCEPTION(scope, { }); if (UNLIKELY(thisObject->isDetached()))
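Review bot: The reason both arguments are coerced before `thisObject->isDetached()` and `thisObject->length()` is not written down anywhere in the new code, and the old comment about the length not changing is removed without a replacement. `toIntegerOrInfinity` can run script through the argument's conversion hooks, so the safety of `begin` and `end` depends on that conversion finishing before `thisLength` is read. I would add a comment above `JSValue start = callFrame->argument(0);` such as `// Coerce both arguments up front: the conversion may run user code, which must not happen after thisLength is read.` The two `ASSERT(...isNumber())` lines only express this in debug builds, so a later edit that passes `callFrame->argument(n)` back into `argumentClampedIndexFromStartOrEnd` would silently bring the stale-length window back in release builds. The function body continues past the end of the hunk, so the later use of `begin` and `end` is not visible here.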