Added missing detached array checks.

Author: xeioex

src/njs_buffer.c

@@ -1913,6 +1913,11 @@ njs_buffer_fill_typed_array(njs_vm_t *vm, const njs_value_t *value,
     buffer = njs_typed_array_buffer(array);
 
     arr_from = njs_typed_array(value);
+    if (njs_slow_path(njs_is_detached_buffer(arr_from->buffer))) {
+        njs_type_error(vm, "detached buffer");
+        return NJS_ERROR;
+    }
+
     byte_length = arr_from->byte_length;
     from = &njs_typed_array_buffer(arr_from)->u.u8[arr_from->offset];
 

src/njs_encoding.c

@@ -199,6 +199,11 @@ njs_text_encoder_encode_into(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
     end = start + str.length;
 
     array = njs_typed_array(dest);
+    if (njs_slow_path(njs_is_detached_buffer(array->buffer))) {
+        njs_type_error(vm, "detached buffer");
+        return NJS_ERROR;
+    }
+
     to = njs_typed_array_start(array);
     to_end = to + array->byte_length;
 
@@ -512,6 +517,10 @@ njs_text_decoder_decode(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 
         if (njs_is_typed_array(value)) {
             array = njs_typed_array(value);
+            if (njs_slow_path(njs_is_detached_buffer(array->buffer))) {
+                njs_type_error(vm, "detached buffer");
+                return NJS_ERROR;
+            }
 
             start = njs_typed_array_start(array);
             end = start + array->byte_length;

src/njs_object.c

@@ -661,6 +661,11 @@ njs_object_enumerate_typed_array(njs_vm_t *vm, const njs_typed_array_t *array,
     njs_value_t  *item;
     njs_array_t  *entry;
 
+    if (njs_slow_path(njs_is_detached_buffer(array->buffer))) {
+        njs_type_error(vm, "detached buffer");
+        return NJS_ERROR;
+    }
+
     length = njs_typed_array_length(array);
 
     ret = njs_array_expand(vm, items, 0, length);

src/njs_typed_array.c

@@ -2070,6 +2070,11 @@ njs_typed_array_to_chain(njs_vm_t *vm, njs_chb_t *chain,
     uint32_t           i;
     njs_string_prop_t  separator;
 
+    if (njs_slow_path(njs_is_detached_buffer(array->buffer))) {
+        njs_chb_append(chain, "<detached buffer>", 18);
+        return;
+    }
+
     if (sep != NULL && njs_is_string(sep)) {
         (void) njs_string_prop(vm, &separator, sep);
 

src/test/njs_unit_test.c

@@ -6259,6 +6259,11 @@ static njs_unit_test_t  njs_test[] =
               "           try {a.set(init,Infinity)} catch (e) {return e.name == 'RangeError'};})"),
       njs_str("true") },
 
+    { njs_str(NJS_INT_TYPED_ARRAY_LIST
+              ".map(v=>{try { var a = new v(1); $262.detachArrayBuffer(a.buffer); Object.entries(a)} "
+              "catch (e) {return e.name}}).every(v=>v === 'TypeError')"),
+      njs_str("true") },
+
     { njs_str("[-1,-1.00001,-Infinity]"
               ".every(v=>{ try {(new Uint8Array(10)).set([], v)} catch (ee) {return ee.name === 'RangeError'}})"),
       njs_str("true") },

test/buffer.t.js

@@ -254,6 +254,10 @@ let fill_tsuite = {
     name: "buf.fill() tests",
     skip: () => (!has_buffer()),
     T: async (params) => {
+        if (params.detach_value) {
+            detach(params.value.buffer);
+        }
+
         let r = params.buf.fill(params.value, params.offset, params.end);
 
         if (r.toString() !== params.expected) {
@@ -274,6 +278,8 @@ let fill_tsuite = {
           exception: 'TypeError: "utf-128" encoding is not supported' },
         { buf: Buffer.from('abc'), value: 'ABCD', offset: 1, expected: 'aAB' },
         { buf: Buffer.from('abc'), value: Buffer.from('def'), expected: 'def' },
+        { buf: Buffer.from('abc'), value: Buffer.from('def'), detach_value: true,
+          exception: 'TypeError: detached buffer' },
         { buf: Buffer.from('def'),
           value: Buffer.from(new Uint8Array([0x60, 0x61, 0x62, 0x63]).buffer, 1),
           expected: 'abc' },

test/harness/runTsuite.js

@@ -95,3 +95,10 @@ function merge(to, from) {
     return r;
 }
 
+function detach(ab) {
+    $262.detachArrayBuffer(ab);
+}
+
+function is_detach_available() {
+    return (typeof $262 !== 'undefined' && typeof $262.detachArrayBuffer === 'function');
+}

test/text_decoder.t.js

@@ -133,10 +133,40 @@ let ignoreBOM_tsuite = {
     ],
 };
 
+let detached_tsuite = {
+    name: "TextDecoder() detached buffer test",
+    skip: () => !is_detach_available(),
+
+    T: async (params) => {
+        let td = new TextDecoder('utf-8');
+        let uint8 = new Uint8Array([0]);
+
+        detach(uint8.buffer);
+
+        try {
+            td.decode(uint8);
+
+        } catch (e) {
+            if (e.toString().startsWith('TypeError:')) {
+                return 'SUCCESS';
+            } else {
+                throw e;
+            }
+        }
+
+        throw Error('Expected TypeError not thrown');
+    },
+
+    tests: [
+        { },
+    ],
+};
+
 
 run([
     stream_tsuite,
     fatal_tsuite,
     ignoreBOM_tsuite,
+    detached_tsuite,
 ])
 .then($DONE, $DONE);

test/text_encoder.t.js

@@ -67,8 +67,38 @@ let encodeinto_tsuite = {
     ],
 };
 
+let detached_tsuite = {
+    name: "TextEncoder() with detached buffer tests",
+    skip: () => (!is_detach_available()),
+
+    T: async (params) => {
+        let td = new TextEncoder();
+        let uint8 = new Uint8Array(10);
+
+        detach(uint8.buffer);
+
+        try {
+            td.encodeInto("test", uint8);
+
+        } catch (e) {
+            if (e.toString().startsWith('TypeError:')) {
+                return 'SUCCESS';
+            } else {
+                throw e;
+            }
+        }
+
+        throw Error('Expected TypeError not thrown');
+    },
+
+    tests: [
+        { },
+    ],
+};
+
 run([
     encode_tsuite,
     encodeinto_tsuite,
+    detached_tsuite,
 ])
 .then($DONE, $DONE);