9010d09a05
Evil resizes were tested. Evil resizes to 0 were not. Bug: v8:11111,chromium:1393375 Change-Id: Ie7318ae300d9779664d97e61214fed61f061f36d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4053554 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#84489}
15 lines
387 B
JavaScript
15 lines
387 B
JavaScript
// Copyright 2022 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --harmony-rab-gsab
|
|
|
|
const rab = new ArrayBuffer(50, {"maxByteLength": 100});
|
|
const ta = new Int8Array(rab);
|
|
const evil = {};
|
|
evil.valueOf = function() {
|
|
rab.resize(0);
|
|
return 5;
|
|
}
|
|
ta.lastIndexOf(1, evil);
|