The DavaView section is still a early and very rough draft that is due for a total rewrite. I've made a node that this specific formula needs to be fixed.
Allen On Jan 3, 2013, at 5:49 AM, Yusuke Suzuki wrote: > Hello all, > > According to rev13 draft section 15.13.7.4 step 4, > > 4. If totalOffset ≥ byteLength, throw a RangeError exception. > > But this doesn't guarantee target in range of buffer. > For example, > > var view = new DataView(new ArrayBuffer(1)); > view.getUint32(0); > > In above example, calling GetValue(0, false, Uint32), and then totalOffset is > 0 and byteLength is 1, so a RangeError exception isn't thrown. But because > Uint32 requires 4 bytes, this access is out of range. > > I think we should check (totalOffset + ElementSize) > byteLength, right? > > -- > Regards, > Yusuke Suzuki > _______________________________________________ > es-discuss mailing list > [email protected] > https://mail.mozilla.org/listinfo/es-discuss
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
