LibJS: Have Uint8ClampedArray delegate OOB accesses to JS::Object

Uint8ClampedArray itself only cares about legitimate in-bounds accesses
since that's what where the specialization happens.

Libraries/LibJS/Runtime/Object.h

@@ -163,9 +163,10 @@ protected:
     explicit Object(GlobalObjectTag);
     Object(ConstructWithoutPrototypeTag, GlobalObject&);
 
-private:
     virtual Value get_by_index(u32 property_index) const;
     virtual bool put_by_index(u32 property_index, Value);
+
+private:
     bool put_own_property(Object& this_object, const StringOrSymbol& property_name, Value, PropertyAttributes attributes, PutOwnPropertyMode = PutOwnPropertyMode::Put, bool throw_exceptions = true);
     bool put_own_property_by_index(Object& this_object, u32 property_index, Value, PropertyAttributes attributes, PutOwnPropertyMode = PutOwnPropertyMode::Put, bool throw_exceptions = true);
 

Libraries/LibJS/Runtime/Uint8ClampedArray.cpp

@@ -67,8 +67,8 @@ JS_DEFINE_NATIVE_GETTER(Uint8ClampedArray::length_getter)
 
 bool Uint8ClampedArray::put_by_index(u32 property_index, Value value)
 {
-    // FIXME: Use attributes
-    ASSERT(property_index < m_length);
+    if (property_index >= m_length)
+        return Base::put_by_index(property_index, value);
     auto number = value.to_i32(global_object());
     if (vm().exception())
         return {};
@@ -78,7 +78,8 @@ bool Uint8ClampedArray::put_by_index(u32 property_index, Value value)
 
 Value Uint8ClampedArray::get_by_index(u32 property_index) const
 {
-    ASSERT(property_index < m_length);
+    if (property_index >= m_length)
+        return Base::get_by_index(property_index);
     return Value((i32)m_data[property_index]);
 }