diff --git a/jerry-core/ecma/operations/ecma-typedarray-object.c b/jerry-core/ecma/operations/ecma-typedarray-object.c index f6724a41c..62be35f8c 100644 --- a/jerry-core/ecma/operations/ecma-typedarray-object.c +++ b/jerry-core/ecma/operations/ecma-typedarray-object.c @@ -800,16 +800,26 @@ ecma_typedarray_create_object_with_length (uint32_t array_length, /**< length of uint8_t element_size_shift, /**< the size shift of the element length */ ecma_typedarray_type_t typedarray_id) /**< id of the typedarray */ { - if (array_length > (UINT32_MAX >> element_size_shift)) - { - return ecma_raise_range_error (ECMA_ERR_MSG ("Maximum TypedArray size is reached")); - } + uint32_t byte_length = UINT32_MAX; - uint32_t byte_length = array_length << element_size_shift; + if (array_length <= (UINT32_MAX >> element_size_shift)) + { + byte_length = array_length << element_size_shift; + } if (byte_length > UINT32_MAX - sizeof (ecma_extended_object_t) - JMEM_ALIGNMENT + 1) { - return ecma_raise_range_error (ECMA_ERR_MSG ("Maximum TypedArray size is reached")); +#if JERRY_ERROR_MESSAGES + ecma_value_t array_length_value = ecma_make_number_value (array_length); + + ecma_value_t result = ecma_raise_standard_error_with_format (JERRY_ERROR_RANGE, + "Invalid typed array length: %", + array_length_value); + ecma_free_value (array_length_value); + return result; +#else /* !JERRY_ERROR_MESSAGES */ + return ecma_raise_range_error (NULL); +#endif /* JERRY_ERROR_MESSAGES */ } ecma_object_t *new_arraybuffer_p = NULL; @@ -1616,19 +1626,26 @@ ecma_op_create_typedarray (const ecma_value_t *arguments_list_p, /**< the arg li ecma_number_t num = 0; if (!ecma_is_value_undefined (arguments_list_p[0]) - && ECMA_IS_VALUE_ERROR (ecma_op_to_number (arguments_list_p[0], &num))) + && ECMA_IS_VALUE_ERROR (ecma_op_to_index (arguments_list_p[0], &num))) { return ECMA_VALUE_ERROR; } - uint32_t length = ecma_number_to_uint32 (num); - if (ecma_number_is_infinity (num)) + JERRY_ASSERT (num >= 0 && num <= ECMA_NUMBER_MAX_SAFE_INTEGER); + + if (num > UINT32_MAX) { - ret = ecma_raise_range_error (ECMA_ERR_MSG ("Invalid TypedArray length")); +#if JERRY_ERROR_MESSAGES + ret = ecma_raise_standard_error_with_format (JERRY_ERROR_RANGE, + "Invalid typed array length: %", + arguments_list_p[0]); +#else /* !JERRY_ERROR_MESSAGES */ + ret = ecma_raise_range_error (NULL); +#endif /* JERRY_ERROR_MESSAGES */ } else { - ret = ecma_typedarray_create_object_with_length (length, + ret = ecma_typedarray_create_object_with_length ((uint32_t) num, NULL, proto_p, element_size_shift, diff --git a/tests/jerry/es.next/typedArray-constructor.js b/tests/jerry/es.next/typedArray-constructor.js new file mode 100644 index 000000000..20c2e94db --- /dev/null +++ b/tests/jerry/es.next/typedArray-constructor.js @@ -0,0 +1,35 @@ +/* Copyright JS Foundation and other contributors, http://js.foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +function check_range_error(code) +{ + try { + eval(code); + assert(false); + } catch (e) { + assert(e instanceof RangeError); + } +} + +// Invalid cases + +check_range_error("new Uint8Array(1e15)"); +check_range_error("new Uint8Array(4294967296)"); +check_range_error("new Uint8Array(4294967296 - 1)"); +check_range_error("new Uint8Array(-1)"); + +// Valid cases +assert((new Uint8Array(3.5)).length === 3) +assert((new Uint8Array(-0.5)).length === 0)