[JSC] Update ArrayBuffer#resize's detach check timing

https://bugs.webkit.org/show_bug.cgi?id=259076 rdar://112041092 Reviewed by Mark Lam. Change the order of detach check according to the latest spec[1], but this only changes the type of error (from RangeError to TypeError). [1]: tc39/ecma262#3116 * JSTests/stress/arraybuffer-resizable-resize-update.js: Added. (shouldThrow): * Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): Canonical link: https://commits.webkit.org/265935@main
movableink · Jul 15, 2023 · 1510211 · 1510211
1 parent 6eb8d1e
commit 1510211
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/JSTests/stress/arraybuffer-resizable-resize-update.js b/JSTests/stress/arraybuffer-resizable-resize-update.js
@@ -0,0 +1,24 @@
+function shouldThrow(func, errorMessage) {
+    var errorThrown = false;
+    var error = null;
+    try {
+        func();
+    } catch (e) {
+        errorThrown = true;
+        error = e;
+    }
+    if (!errorThrown)
+        throw new Error('not thrown');
+    if (String(error) !== errorMessage)
+        throw new Error(`bad error: ${String(error)}`);
+}
+
+let buffer = new ArrayBuffer(16, {maxByteLength: 16});
+shouldThrow(() => {
+    buffer.resize({
+        valueOf() {
+            $.detachArrayBuffer(buffer);
+            return 0;
+        }
+    });
+}, `TypeError: Receiver is detached`);
diff --git a/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp b/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp
@@ -278,12 +278,12 @@ JSC_DEFINE_HOST_FUNCTION(arrayBufferProtoFuncResize, (JSGlobalObject* globalObje
     if (UNLIKELY(!thisObject->impl()->isResizableOrGrowableShared()))
         return throwVMTypeError(globalObject, scope, "ArrayBuffer is not resizable"_s);
 
-    if (UNLIKELY(thisObject->impl()->isDetached()))
-        return throwVMTypeError(globalObject, scope, "Receiver is detached"_s);
-
     double newLength = callFrame->argument(0).toIntegerOrInfinity(globalObject);
     RETURN_IF_EXCEPTION(scope, { });
 
+    if (UNLIKELY(thisObject->impl()->isDetached()))
+        return throwVMTypeError(globalObject, scope, "Receiver is detached"_s);
+
     if (!std::isfinite(newLength) || newLength < 0)
         return throwVMRangeError(globalObject, scope, "new length is out of range"_s);
     size_t newByteLength = static_cast<size_t>(newLength);