authorLinus Groh <mail@linusgroh.de>2021-06-06 23:27:47 +0100
committerLinus Groh <mail@linusgroh.de>2021-06-06 23:27:47 +0100
commit3dfd450f2d249a2bef75a23db29436c24e87798a (patch)
tree2a6beb892fcb1a4cb8993f2df5260dab918d6256
parent1c906b07a4d3a3b70f255fda2348d507ec123df8 (diff)
LibJS: Use Array::create() length arg in favor of set_array_like_size()
This way we don't bypass the maximum length check.
-rw-r--r--Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp5
-rw-r--r--Userland/Libraries/LibJS/Runtime/RegExpPrototype.cpp5
2 files changed, 6 insertions, 4 deletions
diff --git a/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp b/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp
index 066823b8bf..4a0e4a190c 100644
--- a/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp
+++ b/Userland/Libraries/LibJS/Runtime/ArrayPrototype.cpp
@@ -150,8 +150,9 @@ JS_DEFINE_NATIVE_FUNCTION(ArrayPrototype::map)
auto initial_length = length_of_array_like(global_object, *this_object);
if (vm.exception())
return {};
- auto* new_array = Array::create(global_object);
- new_array->indexed_properties().set_array_like_size(initial_length);
+ auto* new_array = Array::create(global_object, initial_length);
+ if (vm.exception())
+ return {};
for_each_item(vm, global_object, "map", [&](auto index, auto, auto callback_result) {
if (vm.exception())
return IterationDecision::Break;
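Review bot: Nothing in this commit pins the new failure path with a test: the diffstat lists only the two .cpp files, while `initial_length` comes from `length_of_array_like()` on `this_object` and is therefore chosen by the calling script. A regression test that calls map on an array-like whose length is above the limit and expects a RangeError would keep the check from being silently bypassed again, for example `expect(() => Array.prototype.map.call({ length: 2 ** 32 }, x => x)).toThrow(RangeError);`. That example assumes the limit is the specification's 2^32 - 1 and that the project's test matcher is spelled this way; neither is visible in the diff. The body of ArrayPrototype::map starts and ends outside the hunk.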
diff --git a/Userland/Libraries/LibJS/Runtime/RegExpPrototype.cpp b/Userland/Libraries/LibJS/Runtime/RegExpPrototype.cpp
index 182d7a00fb..bd36f9986c 100644
--- a/Userland/Libraries/LibJS/Runtime/RegExpPrototype.cpp
+++ b/Userland/Libraries/LibJS/Runtime/RegExpPrototype.cpp
@@ -166,8 +166,9 @@ JS_DEFINE_NATIVE_FUNCTION(RegExpPrototype::exec)
auto& match = result.matches[0];
// FIXME: Do code point index correction if the Unicode flag is set.
- auto* array = Array::create(global_object);
- array->indexed_properties().set_array_like_size(result.n_capture_groups + 1);
+ auto* array = Array::create(global_object, result.n_capture_groups + 1);
+ if (vm.exception())
+ return {};
array->define_property(vm.names.index, Value((i32)match.global_offset));
array->define_property(vm.names.input, js_string(vm, str));
array->indexed_properties().put(array, 0, js_string(vm, match.view.to_string()));
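Review bot: The added `if (vm.exception()) return {};` after `Array::create()` does not say which call can fail, and since `Array::create()` hands back a raw pointer, the only failure signal is the VM's exception state; a caller that omits the check would presumably carry on using `array`. A one-line comment such as `// Array::create() throws if the requested length exceeds the maximum array length.` would make that contract visible here and in the ArrayPrototype::map hunk. Going by the commit message, `set_array_like_size()` itself still skips the limit, so any remaining direct callers are worth a search; that is inferred from the message, not visible in this diff. RegExpPrototype::exec continues beyond the hunk.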