From fbf7d8a205e9ecbefed5d72947c53272405d2cee Mon Sep 17 00:00:00 2001
From: Fabrice Bellard <fabrice@bellard.org>
Date: Mon, 21 Apr 2025 16:14:00 +0200
Subject: [PATCH] fixed detached TypedArray handling in Atomics operations

---
 quickjs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/quickjs.c b/quickjs.c
index 85dc0d0..dffc3d6 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -53807,6 +53807,11 @@ static void *js_atomics_get_ptr(JSContext *ctx,
     if (JS_ToIndex(ctx, &idx, idx_val)) {
         return NULL;
     }
+    /* RevalidateAtomicAccess(): must test again detached after JS_ToIndex() */
+    if (abuf->detached) {
+        JS_ThrowTypeErrorDetachedArrayBuffer(ctx);
+        return NULL;
+    }
     /* if the array buffer is detached, p->u.array.count = 0 */
     if (idx >= p->u.array.count) {
         JS_ThrowRangeError(ctx, "out-of-bound access");