src/builtins/builtins-sharedarraybuffer.cc - Issue 2814753003: [SAB] Validate index before value conversion

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/builtins/builtins-sharedarraybuffer.cc

Issue 2814753003: [SAB] Validate index before value conversion (Closed)

Patch Set: feedback Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: src/builtins/builtins-sharedarraybuffer.cc

diff --git a/src/builtins/builtins-sharedarraybuffer.cc b/src/builtins/builtins-sharedarraybuffer.cc

index 0ec8423104d2c6b7933e71bdb6208cb929d7ece6..d7a81a2ffe98634c688f09c8ae48046f93c535fe 100644

--- a/src/builtins/builtins-sharedarraybuffer.cc

+++ b/src/builtins/builtins-sharedarraybuffer.cc

@@ -63,23 +63,15 @@ MUST_USE_RESULT MaybeHandle<JSTypedArray> ValidateSharedIntegerTypedArray(

MUST_USE_RESULT Maybe<size_t> ValidateAtomicAccess(

Isolate* isolate, Handle<JSTypedArray> typed_array,

Handle<Object> request_index) {

- // TOOD(v8:5961): Use ToIndex for indexes

- ASSIGN_RETURN_ON_EXCEPTION_VALUE(isolate, request_index,

- Object::ToNumber(request_index),

- Nothing<size_t>());

- Handle<Object> offset;

- ASSIGN_RETURN_ON_EXCEPTION_VALUE(isolate, offset,

- Object::ToInteger(isolate, request_index),

- Nothing<size_t>());

- if (!request_index->SameValue(*offset)) {

- isolate->Throw(*isolate->factory()->NewRangeError(

- MessageTemplate::kInvalidAtomicAccessIndex));

- return Nothing<size_t>();

- }

- size_t access_index;

- uint32_t length = typed_array->length_value();

- if (!TryNumberToSize(*request_index, &access_index) ||

- access_index >= length) {

+ Handle<Object> access_index_obj;

+ ASSIGN_RETURN_ON_EXCEPTION_VALUE(

+ isolate, access_index_obj,

+ Object::ToIndex(isolate, request_index,

+ MessageTemplate::kInvalidAtomicAccessIndex),

+ Nothing<size_t>());

+ size_t access_index = NumberToSize(*access_index_obj);

+ if (access_index >= typed_array->length_value()) {

isolate->Throw(*isolate->factory()->NewRangeError(

MessageTemplate::kInvalidAtomicAccessIndex));

return Nothing<size_t>();

« no previous file with comments | « no previous file | src/builtins/builtins-sharedarraybuffer-gen.cc » ('j') | no next file with comments »