MIRROR: javascript for 🐜's, a tiny runtime with big ambitions
buffer out-of-bounds fix

+15
+15
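--- a/src/modules/buffer.c
+++ b/src/modules/buffer.c
@@ -520,8 +520,16 @@
 }
 
 size_t element_size = get_element_size(type);
+
+if (byte_offset > buffer->length) {
+return js_mkerr(js, "Start offset is outside the bounds of the buffer");
+}
+
 if (nargs > 2 && vtype(args[2]) == T_NUM) {
 length = (size_t)js_getnum(args[2]);
+if (byte_offset + length * element_size > buffer->length) {
+return js_mkerr(js, "Invalid TypedArray length");
+}
 } else {
 length = (buffer->length - byte_offset) / element_size;
 }
@@ -894,8 +902,15 @@
 byte_offset = (size_t)js_getnum(args[1]);
 }
 
+if (byte_offset > buffer->length) {
+return js_mkerr(js, "Start offset is outside the bounds of the buffer");
+}
+
 if (nargs > 2 && vtype(args[2]) == T_NUM) {
 byte_length = (size_t)js_getnum(args[2]);
+if (byte_offset + byte_length > buffer->length) {
+return js_mkerr(js, "Invalid DataView length");
+}
 } else {
 byte_length = buffer->length - byte_offset;
 }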
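Review bot: The added length checks at new lines 530 and 911 do their arithmetic in `size_t`, so a very large `length` or `byte_length` taken from `js_getnum(args[2])` can make `byte_offset + length * element_size` (or `byte_offset + byte_length`) wrap around and pass the comparison, which leaves the out-of-bounds view this commit is meant to reject. Since `byte_offset <= buffer->length` is already established by the check just above, the comparisons can be written without overflow as `if (length > (buffer->length - byte_offset) / element_size)` and `if (byte_length > buffer->length - byte_offset)`. The `(size_t)js_getnum(...)` casts also convert a double that may be negative, NaN or above `SIZE_MAX`, which is undefined behaviour in C, so validating the number's range before the cast would make the later checks trustworthy. Both enclosing functions start and end outside the visible hunks, so the offset cast on the TypedArray path could not be checked here.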