Bug 1317394 - Make DataView getters throw for detached array buffers in Nightly. r=anba
authorTom Schuster <evilpies@gmail.com>
Mon, 11 Sep 2017 18:35:00 +0200
changeset 429580 a3165738018940e64aa81f446d47198761977deb
parent 429579 8b224e79a2f34574c2df460e8f92e67054c71fc3
child 429581 ea4ebbcd00229b66bef9bbf9cf88596bf12439cc
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
treeherdermozilla-beta@c38455951db4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersanba
bugs1317394
milestone57.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1317394 - Make DataView getters throw for detached array buffers in Nightly. r=anba
js/src/builtin/DataViewObject.cpp
js/src/tests/jstests.list
--- a/js/src/builtin/DataViewObject.cpp
+++ b/js/src/builtin/DataViewObject.cpp
@@ -882,31 +882,51 @@ DataViewObject::bufferGetter(JSContext* 
     CallArgs args = CallArgsFromVp(argc, vp);
     return CallNonGenericMethod<is, bufferGetterImpl>(cx, args);
 }
 
 bool
 DataViewObject::byteLengthGetterImpl(JSContext* cx, const CallArgs& args)
 {
     Rooted<DataViewObject*> thisView(cx, &args.thisv().toObject().as<DataViewObject>());
+
+#ifdef NIGHTLY_BUILD
+    // Step 6,
+    if (thisView->arrayBufferEither().isDetached()) {
+        JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
+        return false;
+    }
+#endif
+
+    // Step 7.
     args.rval().set(DataViewObject::byteLengthValue(thisView));
     return true;
 }
 
 bool
 DataViewObject::byteLengthGetter(JSContext* cx, unsigned argc, Value* vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
     return CallNonGenericMethod<is, byteLengthGetterImpl>(cx, args);
 }
 
 bool
 DataViewObject::byteOffsetGetterImpl(JSContext* cx, const CallArgs& args)
 {
     Rooted<DataViewObject*> thisView(cx, &args.thisv().toObject().as<DataViewObject>());
+
+#ifdef NIGHTLY_BUILD
+    // Step 6,
+    if (thisView->arrayBufferEither().isDetached()) {
+        JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_TYPED_ARRAY_DETACHED);
+        return false;
+    }
+#endif
+
+    // Step 7.
     args.rval().set(DataViewObject::byteOffsetValue(thisView));
     return true;
 }
 
 bool
 DataViewObject::byteOffsetGetter(JSContext* cx, unsigned argc, Value* vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
--- a/js/src/tests/jstests.list
+++ b/js/src/tests/jstests.list
@@ -291,18 +291,18 @@ skip script test262/built-ins/TypedArray
 skip script test262/built-ins/TypedArrays/typedarray-arg-same-ctor-buffer-ctor-species-custom-proto-from-ctor-realm.js
 skip script test262/built-ins/WeakMap/proto-from-ctor-realm.js
 skip script test262/built-ins/WeakSet/proto-from-ctor-realm.js
 
 # https://bugzilla.mozilla.org/show_bug.cgi?id=1317395
 skip script test262/built-ins/ArrayBuffer/prototype/byteLength/detached-buffer.js
 
 # https://bugzilla.mozilla.org/show_bug.cgi?id=1317394
-skip script test262/built-ins/DataView/prototype/byteOffset/detached-buffer.js
-skip script test262/built-ins/DataView/prototype/byteLength/detached-buffer.js
+skip-if(release_or_beta) script test262/built-ins/DataView/prototype/byteOffset/detached-buffer.js
+skip-if(release_or_beta) script test262/built-ins/DataView/prototype/byteLength/detached-buffer.js
 
 # We're still waiting for a final decision on https://github.com/tc39/ecma402/pull/84.
 skip script test262/intl402/Collator/10.1.1_1.js
 skip script test262/intl402/NumberFormat/11.1.1_1.js
 skip script test262/intl402/DateTimeFormat/12.1.1_1.js
 
 # Waiting on https://github.com/tc39/ecma402/issues/122
 skip script test262/intl402/DateTimeFormat/prototype/12.3_a.js