« Bugzilla Issues Index
#2174 — 22.2.1.2 %TypedArray%: Check [[ViewedArrayBuffer]] state before assignment
- bug_id:
2174
- creation_ts:
2013-11-02 03:23:00 -0700
- short_desc:
22.2.1.2 %TypedArray%: Check [[ViewedArrayBuffer]] state before assignment
- delta_ts:
2013-11-08 13:08:38 -0800
- product:
Draft for 6th Edition
- component:
technical issue
- version:
Rev 20: October 28, 2013 Draft
- rep_platform:
All
- op_sys:
All
- bug_status:
RESOLVED
- resolution:
FIXED
- priority:
Normal
- bug_severity:
normal
- blocked:
2179
- everconfirmed:
true
- reporter:
André Bargull
- assigned_to:
Allen Wirfs-Brock
- commentid:
6375
- comment_count:
0
- who:
André Bargull
- bug_when:
2013-11-02 03:23:56 -0700
22.2.1.2 %TypedArray% ( typedArray ), steps 27:
CloneArrayBuffer() is not side-effect free, cf. Get(..., "constructor"). That means it is possible to initialise the TypedArray object twice. Add an additional step before step 27 to check [[ViewedArrayBuffer]] is still `undefined`.
test case:
---
var buf = new ArrayBuffer(1);
Object.defineProperty(buf, "constructor", {
get(){
Object.getPrototypeOf(Int8Array).call(t, 1);
return ArrayBuffer;
}
});
var t = Int8Array[Symbol.create]();
Int8Array.call(t, new Int8Array(buf));
---
- commentid:
6415
- comment_count:
1
- who:
Allen Wirfs-Brock
- bug_when:
2013-11-03 10:38:44 -0800
fixed in rev21 editor's draft
- commentid:
6497
- comment_count:
2
- who:
Allen Wirfs-Brock
- bug_when:
2013-11-08 13:08:38 -0800
fixed in rev21 draft