github_mirrors/quickjs
3
0
Fork 1
mirror of https://github.com/bellard/quickjs.git synced 2025-09-30 06:54:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

fixed typed array set operation when obj != receiver

Browse Source
This commit is contained in:
Fabrice Bellard
2025-03-27 17:06:26 +01:00
parent b0c1a12196
commit 67de495254
2 changed files with 13 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
quickjs.c
View File

@@ -8757,17 +8757,21 @@ int JS_SetPropertyInternal(JSContext *ctx, JSValueConst obj,
return -1;
}
typed_array_oob:
/* must convert the argument even if out of bound access */
if (p1->class_id == JS_CLASS_BIG_INT64_ARRAY ||
p1->class_id == JS_CLASS_BIG_UINT64_ARRAY) {
int64_t v;
if (JS_ToBigInt64Free(ctx, &v, val))
return -1;
if (p == p1) {
/* must convert the argument even if out of bound access */
if (p1->class_id == JS_CLASS_BIG_INT64_ARRAY ||
p1->class_id == JS_CLASS_BIG_UINT64_ARRAY) {
int64_t v;
if (JS_ToBigInt64Free(ctx, &v, val))
return -1;
} else {
val = JS_ToNumberFree(ctx, val);
JS_FreeValue(ctx, val);
if (JS_IsException(val))
return -1;
}
} else {
val = JS_ToNumberFree(ctx, val);
JS_FreeValue(ctx, val);
if (JS_IsException(val))
return -1;
}
return TRUE;
}