From 41386e9cb918eed93b3f13648cbef387e371e451 Mon Sep 17 00:00:00 2001
From: Lorry Tar Creator
Date: Wed, 20 May 2015 09:56:07 +0000
Subject: webkitgtk-2.4.9
---
 Source/JavaScriptCore/runtime/ArrayBufferView.h | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
(limited to 'Source/JavaScriptCore/runtime/ArrayBufferView.h')
diff --git a/Source/JavaScriptCore/runtime/ArrayBufferView.h b/Source/JavaScriptCore/runtime/ArrayBufferView.h
index 3fc10b0dd..2b8f70d8b 100644
--- a/Source/JavaScriptCore/runtime/ArrayBufferView.h
+++ b/Source/JavaScriptCore/runtime/ArrayBufferView.h
@@ -10,10 +10,10 @@
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
@@ -77,20 +77,22 @@ public: JS_EXPORT_PRIVATE virtual ~ArrayBufferView(); - // Helper to verify byte offset is size aligned. - static bool verifyByteOffsetAlignment(unsigned byteOffset, size_t size) - { - return !(byteOffset & (size - 1)); - } - // Helper to verify that a given sub-range of an ArrayBuffer is // within range. - static bool verifySubRangeLength(PassRefPtr buffer, unsigned byteOffset, unsigned numElements, size_t size) + // FIXME: This should distinguish between alignment errors and bounds errors. + // https://bugs.webkit.org/show_bug.cgi?id=125391 + template + static bool verifySubRange( + PassRefPtr buffer, + unsigned byteOffset, + unsigned numElements) { unsigned byteLength = buffer->byteLength(); + if (sizeof(T) > 1 && byteOffset % sizeof(T)) + return false; if (byteOffset > byteLength) return false; - unsigned remainingElements = (byteLength - byteOffset) / size; + unsigned remainingElements = (byteLength - byteOffset) / sizeof(T); if (numElements > remainingElements) return false; return true; -- cgit v1.2.1
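Review bot: `buffer->byteLength()` is the first statement of `verifySubRange` and runs before any check on `buffer` itself, so a null `PassRefPtr` reaching this helper would be dereferenced by the code that is meant to validate the range. Unless every caller guarantees a non-null buffer (callers are not visible in this hunk), add `if (!buffer) return false;` ahead of it. The bounds comparison itself is written in the overflow-safe form, and that deserves a comment so a later edit does not turn it into a multiplication: `// Divide rather than multiply: numElements * sizeof(T) could wrap in unsigned arithmetic and pass the check.` The function's closing brace lies outside the hunk.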