GetValue of DataView doesn't guarantee target in range
allen at wirfs-brock.com
Thu Jan 3 09:50:27 PST 2013
The DavaView section is still a early and very rough draft that is due for a total rewrite. I've made a node that this specific formula needs to be fixed.
On Jan 3, 2013, at 5:49 AM, Yusuke Suzuki wrote:
> Hello all,
> According to rev13 draft section 18.104.22.168 step 4,
> 4. If totalOffset ≥ byteLength, throw a RangeError exception.
> But this doesn't guarantee target in range of buffer.
> For example,
> var view = new DataView(new ArrayBuffer(1));
> In above example, calling GetValue(0, false, Uint32), and then totalOffset is 0 and byteLength is 1, so a RangeError exception isn't thrown. But because Uint32 requires 4 bytes, this access is out of range.
> I think we should check (totalOffset + ElementSize) > byteLength, right?
> Yusuke Suzuki
> es-discuss mailing list
> es-discuss at mozilla.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss