search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 00a05bc) | patch
Bug 1842773 - Part 18: Update TypedArray length, byteLength, and byteOffset accesses...
commit9c98ce0bbd6307d6dcf1eeb51fa6de17480180e7
authorAndré Bargull <andre.bargull@gmail.com>
Thu, 25 Jan 2024 15:49:49 +0000 (25 15:49 +0000)
committerAndré Bargull <andre.bargull@gmail.com>
Thu, 25 Jan 2024 15:49:49 +0000 (25 15:49 +0000)
treec3ff1ccea879813cc68778233e9bac4f5fae4be8tree | snapshot (tar.gz zip)
parent00a05bc0725f9493c006501ab7ce37fa940aa929commit | diff
Bug 1842773 - Part 18: Update TypedArray length, byteLength, and byteOffset accesses. r=sfink

Update all accesses to handle possible out-of-bounds. In some cases the TypedArray
is guaranteed to be a `FixedLengthTypedArrayObject`, which ensures the accesses are
always in-bounds.

Differential Revision: https://phabricator.services.mozilla.com/D183334
16 files changed:
js/src/builtin/Array.cpp diff | blob | blame | history
js/src/builtin/Object.cpp diff | blob | blame | history
js/src/builtin/TypedArray.js diff | blob | blame | history
js/src/jit/CacheIR.cpp diff | blob | blame | history
js/src/jit/VMFunctions.cpp diff | blob | blame | history
js/src/shell/OSObject.cpp diff | blob | blame | history
js/src/vm/ArrayBufferViewObject.cpp diff | blob | blame | history
js/src/vm/Iteration.cpp diff | blob | blame | history
js/src/vm/JSObject.cpp diff | blob | blame | history
js/src/vm/NativeObject-inl.h diff | blob | blame | history
js/src/vm/NativeObject.cpp diff | blob | blame | history
js/src/vm/SelfHosting.cpp diff | blob | blame | history
js/src/vm/TypedArrayObject-inl.h diff | blob | blame | history
js/src/vm/TypedArrayObject.cpp diff | blob | blame | history
js/src/vm/TypedArrayObject.h diff | blob | blame | history
js/src/wasm/WasmJS.cpp diff | blob | blame | history