3a43be9b78
BUG=691323 Change-Id: I84f2c90355982567c421639e115745eadd5fcb21 Reviewed-on: https://chromium-review.googlesource.com/441964 Reviewed-by: Caitlin Potter <caitp@igalia.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#43279}
36 lines
951 B
JavaScript
36 lines
951 B
JavaScript
// Copyright 2017 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax
|
|
var buffer = new ArrayBuffer(0x100);
|
|
var array = new Uint8Array(buffer).fill(55);
|
|
var tmp = {};
|
|
tmp[Symbol.toPrimitive] = function () {
|
|
%ArrayBufferNeuter(array.buffer)
|
|
return 0;
|
|
};
|
|
|
|
|
|
assertEquals(-1, Array.prototype.indexOf.call(array, 0x00, tmp));
|
|
|
|
buffer = new ArrayBuffer(0x100);
|
|
array = new Uint8Array(buffer).fill(55);
|
|
tmp = {};
|
|
tmp[Symbol.toPrimitive] = function () {
|
|
%ArrayBufferNeuter(array.buffer)
|
|
return 0;
|
|
};
|
|
|
|
|
|
assertEquals(false, Array.prototype.includes.call(array, 0x00, tmp));
|
|
|
|
buffer = new ArrayBuffer(0x100);
|
|
array = new Uint8Array(buffer).fill(55);
|
|
tmp = {};
|
|
tmp[Symbol.toPrimitive] = function () {
|
|
%ArrayBufferNeuter(array.buffer)
|
|
return 0;
|
|
};
|
|
assertEquals(true, Array.prototype.includes.call(array, undefined, tmp));
|