github_mirrors/quickjs
3
0
Fork 1
mirror of https://github.com/bellard/quickjs.git synced 2025-09-29 14:36:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

fixed detached TypedArray in sort()

Browse Source
This commit is contained in:
Fabrice Bellard
2023-12-27 17:13:44 +01:00
parent e6da06e4f6
commit b8791e9b4a
3 changed files with 50 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
quickjs.c
View File

@@ -53160,7 +53160,7 @@ static JSValue js_TA_get_float64(JSContext *ctx, const void *a) {
struct TA_sort_context {
JSContext *ctx;
int exception;
int exception; /* 1 = exception, 2 = detached typed array */
JSValueConst arr;
JSValueConst cmp;
JSValue (*getfun)(JSContext *ctx, const void *a);
@@ -53178,6 +53178,8 @@ static int js_TA_cmp_generic(const void *a, const void *b, void *opaque) {
cmp = 0;
if (!psc->exception) {
/* Note: the typed array can be detached without causing an
error */
a_idx = *(uint32_t *)a;
b_idx = *(uint32_t *)b;
argv[0] = psc->getfun(ctx, psc->array_ptr +
@@ -53205,8 +53207,9 @@ static int js_TA_cmp_generic(const void *a, const void *b, void *opaque) {
/* make sort stable: compare array offsets */
cmp = (a_idx > b_idx) - (a_idx < b_idx);
}
if (validate_typed_array(ctx, psc->arr) < 0) {
psc->exception = 1;
if (unlikely(typed_array_is_detached(ctx,
JS_VALUE_GET_PTR(psc->arr)))) {
psc->exception = 2;
}
done:
JS_FreeValue(ctx, (JSValue)argv[0]);
@@ -53230,11 +53233,11 @@ static JSValue js_typed_array_sort(JSContext *ctx, JSValueConst this_val,
tsc.arr = this_val;
tsc.cmp = argv[0];
if (!JS_IsUndefined(tsc.cmp) && check_function(ctx, tsc.cmp))
return JS_EXCEPTION;
len = js_typed_array_get_length_internal(ctx, this_val);
if (len < 0)
return JS_EXCEPTION;
if (!JS_IsUndefined(tsc.cmp) && check_function(ctx, tsc.cmp))
return JS_EXCEPTION;
if (len > 1) {
p = JS_VALUE_GET_OBJ(this_val);
@@ -53300,44 +53303,48 @@ static JSValue js_typed_array_sort(JSContext *ctx, JSValueConst this_val,
tsc.elt_size = elt_size;
rqsort(array_idx, len, sizeof(array_idx[0]),
js_TA_cmp_generic, &tsc);
if (tsc.exception)
goto fail;
array_tmp = js_malloc(ctx, len * elt_size);
if (!array_tmp) {
fail:
js_free(ctx, array_idx);
return JS_EXCEPTION;
if (tsc.exception) {
if (tsc.exception == 1)
goto fail;
/* detached typed array during the sort: no error */
} else {
array_tmp = js_malloc(ctx, len * elt_size);
if (!array_tmp) {
fail:
js_free(ctx, array_idx);
return JS_EXCEPTION;
}
memcpy(array_tmp, array_ptr, len * elt_size);
switch(elt_size) {
case 1:
for(i = 0; i < len; i++) {
j = array_idx[i];
((uint8_t *)array_ptr)[i] = ((uint8_t *)array_tmp)[j];
}
break;
case 2:
for(i = 0; i < len; i++) {
j = array_idx[i];
((uint16_t *)array_ptr)[i] = ((uint16_t *)array_tmp)[j];
}
break;
case 4:
for(i = 0; i < len; i++) {
j = array_idx[i];
((uint32_t *)array_ptr)[i] = ((uint32_t *)array_tmp)[j];
}
break;
case 8:
for(i = 0; i < len; i++) {
j = array_idx[i];
((uint64_t *)array_ptr)[i] = ((uint64_t *)array_tmp)[j];
}
break;
default:
abort();
}
js_free(ctx, array_tmp);
}
memcpy(array_tmp, array_ptr, len * elt_size);
switch(elt_size) {
case 1:
for(i = 0; i < len; i++) {
j = array_idx[i];
((uint8_t *)array_ptr)[i] = ((uint8_t *)array_tmp)[j];
}
break;
case 2:
for(i = 0; i < len; i++) {
j = array_idx[i];
((uint16_t *)array_ptr)[i] = ((uint16_t *)array_tmp)[j];
}
break;
case 4:
for(i = 0; i < len; i++) {
j = array_idx[i];
((uint32_t *)array_ptr)[i] = ((uint32_t *)array_tmp)[j];
}
break;
case 8:
for(i = 0; i < len; i++) {
j = array_idx[i];
((uint64_t *)array_ptr)[i] = ((uint64_t *)array_tmp)[j];
}
break;
default:
abort();
}
js_free(ctx, array_tmp);
js_free(ctx, array_idx);
} else {
rqsort(array_ptr, len, elt_size, cmpfun, &tsc);