Menu
▾
▴
[HtmlUnit] SVN: [14839] trunk/htmlunit/src
|
From: <rb...@us...> - 2017-09-18 06:31:41
|
Revision: 14839
http://sourceforge.net/p/htmlunit/code/14839
Author: rbri
Date: 2017-09-18 06:31:38 +0000 (Mon, 18 Sep 2017)
Log Message:
-----------
fix handling of negative buffer sizes for the ArrayBuffer ctor
Modified Paths:
--------------
trunk/htmlunit/src/changes/changes.xml
trunk/htmlunit/src/main/java/com/gargoylesoftware/htmlunit/javascript/host/arrays/ArrayBuffer.java
trunk/htmlunit/src/test/java/com/gargoylesoftware/htmlunit/javascript/host/arrays/ArrayBufferTest.java
Modified: trunk/htmlunit/src/changes/changes.xml
===================================================================
--- trunk/htmlunit/src/changes/changes.xml 2017-09-15 11:24:48 UTC (rev 14838)
+++ trunk/htmlunit/src/changes/changes.xml 2017-09-18 06:31:38 UTC (rev 14839)
@@ -8,6 +8,9 @@
<body>
<release version="2.28" date="???" description="Bugfixes, Chrome 61">
+ <action type="fix" dev="rbri">
+ JavaScript: fix handling of negative buffer sizes for the ArrayBuffer ctor.
+ </action>
<action type="add" dev="rbri">
JavaScript: getComputedTextLength() support added for svg text elements.
</action>
Modified: trunk/htmlunit/src/main/java/com/gargoylesoftware/htmlunit/javascript/host/arrays/ArrayBuffer.java
===================================================================
--- trunk/htmlunit/src/main/java/com/gargoylesoftware/htmlunit/javascript/host/arrays/ArrayBuffer.java 2017-09-15 11:24:48 UTC (rev 14838)
+++ trunk/htmlunit/src/main/java/com/gargoylesoftware/htmlunit/javascript/host/arrays/ArrayBuffer.java 2017-09-18 06:31:38 UTC (rev 14839)
@@ -21,6 +21,7 @@
import com.gargoylesoftware.htmlunit.javascript.configuration.JsxGetter;
import net.sourceforge.htmlunit.corejs.javascript.Context;
+import net.sourceforge.htmlunit.corejs.javascript.ScriptRuntime;
import net.sourceforge.htmlunit.corejs.javascript.Undefined;
/**
@@ -55,6 +56,9 @@
*/
@JsxConstructor
public void constructor(final int length) {
+ if (length < 0) {
+ throw ScriptRuntime.rangeError("invalid array length '" + length + "'.");
+ }
bytes_ = new byte[length];
}
Modified: trunk/htmlunit/src/test/java/com/gargoylesoftware/htmlunit/javascript/host/arrays/ArrayBufferTest.java
===================================================================
--- trunk/htmlunit/src/test/java/com/gargoylesoftware/htmlunit/javascript/host/arrays/ArrayBufferTest.java 2017-09-15 11:24:48 UTC (rev 14838)
+++ trunk/htmlunit/src/test/java/com/gargoylesoftware/htmlunit/javascript/host/arrays/ArrayBufferTest.java 2017-09-18 06:31:38 UTC (rev 14839)
@@ -38,6 +38,44 @@
* @throws Exception if the test fails
*/
@Test
+ @Alerts("0")
+ public void ctorLengthZero() throws Exception {
+ final String html
+ = "<html><head><title>foo</title><script>\n"
+ + "function test() {\n"
+ + " var buff = new ArrayBuffer(0);\n"
+ + " alert(buff.byteLength);\n"
+ + "}\n"
+ + "</script></head><body onload='test()'>\n"
+ + "</body></html>";
+
+ loadPageWithAlerts2(html);
+ }
+
+ /**
+ * @throws Exception if the test fails
+ */
+ @Test
+ @Alerts("exception true")
+ public void ctorLengthNegative() throws Exception {
+ final String html
+ = "<html><head><title>foo</title><script>\n"
+ + "function test() {\n"
+ + " try {\n"
+ + " var buff = new ArrayBuffer(-1);\n"
+ + " alert(buff.byteLength);\n"
+ + " } catch(e) { alert('exception ' + (e instanceof RangeError)); }"
+ + "}\n"
+ + "</script></head><body onload='test()'>\n"
+ + "</body></html>";
+
+ loadPageWithAlerts2(html);
+ }
+
+ /**
+ * @throws Exception if the test fails
+ */
+ @Test
@Alerts("5")
public void byteLength() throws Exception {
final String html
|
