From: Dmitry Volyntsev <xeioex@nginx.com>
Date: Wed, 8 Jul 2020 13:07:05 +0000 (+0000)
Subject: Fixed Array.prototype.join() with TypeArray instance.
X-Git-Tag: 0.4.3~27
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=46b5e54092d0d72fc69162b61d4fad82d32383bd;p=njs.git

Fixed Array.prototype.join() with TypeArray instance.

Found by Clang static analyzer.
The issue was introduced in ccfa84cea2b3.
---

diff --git a/src/njs_array.c b/src/njs_array.c
index 918103e0..6f2559b0 100644
--- a/src/njs_array.c
+++ b/src/njs_array.c
@@ -1609,7 +1609,8 @@ njs_array_prototype_join(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
     njs_chb_init(&chain, vm->mem_pool);
 
     for (i = 0; i < len; i++) {
-        if (njs_fast_path(njs_object(this)->fast_array
+        if (njs_fast_path(array != NULL
+                          && array->object.fast_array
                           && njs_is_valid(&array->start[i])))
         {
             value = &array->start[i];
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index 6146fdd8..d0b7e567 100644
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
@@ -3973,13 +3973,21 @@ static njs_unit_test_t  njs_test[] =
       njs_str(",,,false,true,0,1") },
 
     { njs_str("var o = { toString: function() { return null } };"
-                 "[o].join()"),
+              "[o].join()"),
       njs_str("null") },
 
     { njs_str("var o = { toString: function() { return undefined } };"
-                 "[o].join()"),
+              "[o].join()"),
       njs_str("undefined") },
 
+    { njs_str("var a = [0,,2,3];"
+              "Object.defineProperty(Array.prototype, 1, {get: ()=> {a[32] = 32; return 1}, configurable:true});"
+              "a.join()"),
+    njs_str("0,1,2,3") },
+
+    { njs_str("Array.prototype.join.call(new Uint8Array([0,1,2]))"),
+      njs_str("0,1,2") },
+
     { njs_str("var a = []; a[5] = 5; a"),
       njs_str(",,,,,5") },