From a4bc2295920dea025270da6d3c704c8684cceed9 Mon Sep 17 00:00:00 2001 From: Zidong Jiang Date: Mon, 24 Jul 2017 10:43:05 +0800 Subject: [PATCH] Bugfix: should return error immediately in ecma_op_create_typedarray Related issue: #1936 JerryScript-DCO-1.0-Signed-off-by: Zidong Jiang zidong.jiang@intel.com --- .../ecma/operations/ecma-typedarray-object.c | 12 ++++---- .../es2015/regression-test-issue-1936.js | 28 +++++++++++++++++++ 2 files changed, 35 insertions(+), 5 deletions(-) create mode 100644 tests/jerry/es2015/regression-test-issue-1936.js diff --git a/jerry-core/ecma/operations/ecma-typedarray-object.c b/jerry-core/ecma/operations/ecma-typedarray-object.c index 8890b4832..0d2e3f6b3 100644 --- a/jerry-core/ecma/operations/ecma-typedarray-object.c +++ b/jerry-core/ecma/operations/ecma-typedarray-object.c @@ -689,12 +689,14 @@ ecma_op_create_typedarray (const ecma_value_t *arguments_list_p, /**< the arg li { ret = ecma_raise_range_error (ECMA_ERR_MSG ("Maximum typedarray size is reached.")); } - - new_byte_length = (ecma_length_t) new_length << element_size_shift; - - if (new_byte_length + offset > buf_byte_length) + else { - ret = ecma_raise_range_error (ECMA_ERR_MSG ("Invalid length.")); + new_byte_length = (ecma_length_t) new_length << element_size_shift; + + if (new_byte_length + offset > buf_byte_length) + { + ret = ecma_raise_range_error (ECMA_ERR_MSG ("Invalid length.")); + } } ECMA_OP_TO_NUMBER_FINALIZE (num3); diff --git a/tests/jerry/es2015/regression-test-issue-1936.js b/tests/jerry/es2015/regression-test-issue-1936.js new file mode 100644 index 000000000..dc898e9f8 --- /dev/null +++ b/tests/jerry/es2015/regression-test-issue-1936.js @@ -0,0 +1,28 @@ +// Copyright JS Foundation and other contributors, http://js.foundation +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +var name = ""; + +try +{ + Object.defineProperties(constructor.isExtensible, {a: Object.getOwnPropertyDescriptor(Uint8ClampedArray, "length")}) + new Int32Array(new ArrayBuffer(), undefined, Date.now()) +} +catch (e) +{ + name = e.name; +} + + +assert(name === "RangeError");