From 376a33298988ce64146eab9feeb9d2b80557d878 Mon Sep 17 00:00:00 2001
From: Marko Lahma
Date: Sat, 13 Jul 2024 19:45:44 +0300
Subject: [PATCH] Backport typed array related fixes (#1913)
* resizable array buffer length checks should obey bounds checks
* fix async function expression prototype
* upgrade System.Text.Json to version 8.0.4
---
 Directory.Packages.props | 2 +-
 Jint.Tests.Test262/Test262Harness.settings.json | 8 ++++++--
 Jint/Native/Array/ArrayOperations.cs | 2 +-
 Jint/Native/JsTypedArray.cs | 6 +++++-
 .../Expressions/JintArrowFunctionExpression.cs | 7 ++++++-
 5 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/Directory.Packages.props b/Directory.Packages.props
index 60faeca213..3c95907074 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -21,7 +21,7 @@
-
+
diff --git a/Jint.Tests.Test262/Test262Harness.settings.json b/Jint.Tests.Test262/Test262Harness.settings.json
index 867263c5b1..5cca8e6d92 100644
--- a/Jint.Tests.Test262/Test262Harness.settings.json
+++ b/Jint.Tests.Test262/Test262Harness.settings.json
@@ -1,5 +1,5 @@
 {
- "SuiteGitSha": "c3a326ace810e7c80a4e1b8df8c8b704ed223c28",
+ "SuiteGitSha": "694fae5b10fa760951dbc9c2fe22a2fa38383c66",
 //"SuiteDirectory": "//mnt/c/work/test262",
 "TargetPath": "./Generated",
 "Namespace": "Jint.Tests.Test262",
@@ -8,18 +8,22 @@
 "Array.fromAsync",
 "async-iteration",
 "Atomics",
+ "Atomics.pause",
 "Float16Array",
 "import-assertions",
 "iterator-helpers",
+ "Math.sumPrecise",
 "promise-try",
 "regexp-duplicate-named-groups",
 "regexp-lookbehind",
 "regexp-modifiers",
 "regexp-unicode-property-escapes",
 "regexp-v-flag",
+ "source-phase-imports",
 "tail-call-optimization",
 "Temporal",
- "u180e"
+ "u180e",
+ "uint8array-base64"
 ],
 "ExcludedFlags": [
 ],
diff --git a/Jint/Native/Array/ArrayOperations.cs b/Jint/Native/Array/ArrayOperations.cs
index e03e046434..45d519f6c8 100644
--- a/Jint/Native/Array/ArrayOperations.cs
+++ b/Jint/Native/Array/ArrayOperations.cs
@@ -351,7 +351,7 @@ public override void EnsureCapacity(ulong capacity)
 public override bool TryGetValue(ulong index, out JsValue value)
 {
- if (index < _target.GetLength())
+ if (_target.IsValidIntegerIndex(index))
 {
 value = _target[(int) index];
 return true;
diff --git a/Jint/Native/JsTypedArray.cs b/Jint/Native/JsTypedArray.cs
index 592133d375..82e38907eb 100644
--- a/Jint/Native/JsTypedArray.cs
+++ b/Jint/Native/JsTypedArray.cs
@@ -52,7 +52,11 @@ public JsValue this[uint index]
 public uint Length => GetLength();
- internal override uint GetLength() => IntrinsicTypedArrayPrototype.MakeTypedArrayWithBufferWitnessRecord(this, ArrayBufferOrder.Unordered).TypedArrayLength;
+ internal override uint GetLength()
+ {
+ var record = IntrinsicTypedArrayPrototype.MakeTypedArrayWithBufferWitnessRecord(this, ArrayBufferOrder.Unordered);
+ return record.IsTypedArrayOutOfBounds ? 0 : record.TypedArrayLength;
+ }
 internal override bool IsArrayLike => true;
diff --git a/Jint/Runtime/Interpreter/Expressions/JintArrowFunctionExpression.cs b/Jint/Runtime/Interpreter/Expressions/JintArrowFunctionExpression.cs
index cf165b2867..db8ed3f99b 100644
--- a/Jint/Runtime/Interpreter/Expressions/JintArrowFunctionExpression.cs
+++ b/Jint/Runtime/Interpreter/Expressions/JintArrowFunctionExpression.cs
@@ -1,5 +1,6 @@
 using Jint.Native;
 using Jint.Native.Function;
+using Jint.Native.Object;
 namespace Jint.Runtime.Interpreter.Expressions;
@@ -18,8 +19,12 @@ protected override object EvaluateInternal(EvaluationContext context)
 var env = engine.ExecutionContext.LexicalEnvironment;
 var privateEnv = engine.ExecutionContext.PrivateEnvironment;
+ ObjectInstance prototype = _function.Function.Async
+ ? engine.Realm.Intrinsics.AsyncFunction.PrototypeObject
+ : engine.Realm.Intrinsics.Function.PrototypeObject;
+
 var closure = engine.Realm.Intrinsics.Function.OrdinaryFunctionCreate(
- engine.Realm.Intrinsics.Function.PrototypeObject,
+ prototype,
 _function,
 FunctionThisMode.Lexical,
 env,
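Review bot: The narrowing cast in `value = _target[(int) index];` now relies entirely on `IsValidIntegerIndex` having rejected every `ulong` that does not fall inside the view, and nothing in the hunk records that dependency. `IsValidIntegerIndex` is defined outside this patch, so its treatment of detached or shrunk buffers is assumed here rather than visible. A one-line comment above the `if`, such as `// sole guard before the (int) cast: must reject detached/out-of-bounds views and any index >= length`, would keep a later refactor from weakening it. Any sibling accessor in this class that still compares against `GetLength()` (none is visible in the hunk) deserves the same review. TryGetValue's body continues outside the hunk.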
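Review bot: `GetLength()` now returns 0 for a view that is out of bounds of its buffer, which also changes what the public `Length` property reports to embedding code, and that contract is not documented anywhere in the hunk. A doc comment on `Length` would cover it, e.g. `/// <summary>Element count; 0 when the view is out of bounds of its backing buffer.</summary>`. The indexer named in the hunk header, `this[uint index]`, lies outside the hunk; if it does not validate the index itself, host code holding a `Length` read before a resize could still index past the current bounds, so it is worth confirming that it goes through the same check.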
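Review bot: The commit message calls this a fix for the async function expression prototype, but the hunk changes only arrow-function evaluation, and the reason for the new branch is not stated in the code. A comment above the ternary, `// async arrow functions use %AsyncFunction.prototype%, not %Function.prototype%`, would make the intent clear. It is also worth confirming that the non-arrow async function expression path, which is not part of this patch, selects its prototype the same way. EvaluateInternal starts and ends outside the hunk.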