mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2026-06-19 08:11:58 +00:00
be5320b67c
The interpreter's fast path for PutByValue on a typed array treated an out-of-bounds index as a silent no-op and returned without touching the value. That is observably wrong: TypedArraySetElement evaluates ToNumber(value) before checking the index, so a value with a valueOf side effect must still have that side effect run even when the store is ultimately discarded. Fall back to the slow path on an out-of-bounds or otherwise invalid index instead of reporting success. The slow path runs the full TypedArraySetElement algorithm, which performs the coercion and then discards the write. Direct assignment now matches Reflect.set, which already went through the slow path. Fixes the staging/sm typed array out-of-bounds ToNumber test262 case and adds a test-js regression covering direct assignment, Reflect.set, and Reflect.defineProperty. |
||
|---|---|---|
| .. | ||
| AsmInterpreter | ||
| BuiltinAbstractOperationsEnabled.h | ||
| Builtins.h | ||
| Bytecode.def | ||
| ClassBlueprint.h | ||
| Debug.h | ||
| Executable.cpp | ||
| Executable.h | ||
| IdentifierTable.cpp | ||
| IdentifierTable.h | ||
| Instruction.cpp | ||
| Instruction.h | ||
| Interpreter.cpp | ||
| Label.h | ||
| Operand.h | ||
| PropertyAccess.h | ||
| PropertyKeyTable.cpp | ||
| PropertyKeyTable.h | ||
| PropertyNameIterator.cpp | ||
| PropertyNameIterator.h | ||
| PutKind.h | ||
| RegexTable.cpp | ||
| RegexTable.h | ||
| Register.h | ||
| StringTable.cpp | ||
| StringTable.h | ||
| Validator.cpp | ||
| Validator.h | ||