JavaScriptCore-7601.1.46.3.tar.gz

[apple/javascriptcore.git] / runtime / JSDataView.cpp

diff --git a/runtime/JSDataView.cpp b/runtime/JSDataView.cpp
index d2e231a453a5ba75135149ee3bd88d3ac711f04c..513d4c6b3bd5cbf0084605e52c0ef5b3a41474d3 100644 (file)
--- a/runtime/JSDataView.cpp
+++ b/runtime/JSDataView.cpp
@@ -34,7 +34,7 @@
 namespace JSC {
 
 const ClassInfo JSDataView::s_info = {
-    "DataView", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(JSDataView)};
+    "DataView", &Base::s_info, 0, CREATE_METHOD_TABLE(JSDataView)};
 
 JSDataView::JSDataView(VM& vm, ConstructionContext& context, ArrayBuffer* buffer)
     : Base(vm, context)
@@ -47,10 +47,13 @@ JSDataView* JSDataView::create(
     unsigned byteOffset, unsigned byteLength)
 {
     RefPtr<ArrayBuffer> buffer = passedBuffer;
-    if (!ArrayBufferView::verifySubRange<uint8_t>(buffer, byteOffset, byteLength)) {
-        throwVMError(
-            exec, createRangeError(exec, "Byte offset and length out of range of buffer"));
-        return 0;
+    if (!ArrayBufferView::verifySubRangeLength(buffer, byteOffset, byteLength, sizeof(uint8_t))) {
+        throwVMError(exec, createRangeError(exec, ASCIILiteral("Length out of range of buffer")));
+        return nullptr;
+    }
+    if (!ArrayBufferView::verifyByteOffsetAlignment(byteOffset, sizeof(uint8_t))) {
+        exec->vm().throwException(exec, createRangeError(exec, ASCIILiteral("Byte offset is not aligned")));
+        return nullptr;
     }
     VM& vm = exec->vm();
     ConstructionContext context(