
Unified Diff: src/runtime.cc

Issue 6386022: Perform security checks before fetching the value in Object.getOwnPropertyDescriptor. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 9 years, 11 months ago
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index b8133ae15e43e3fe08a65114cb60b4c0d8d5300d..96d07a859b296b5223d7355f56d1fbb591535b17 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -745,35 +745,31 @@ static MaybeObject* Runtime_GetOwnProperty(Arguments args) {
if (!result.IsProperty()) {
return Heap::undefined_value();
}
- if (result.type() == CALLBACKS) {
- Object* structure = result.GetCallbackObject();
- if (structure->IsProxy() || structure->IsAccessorInfo()) {
- // Property that is internally implemented as a callback or
- // an API defined callback.
- Object* value;
- { MaybeObject* maybe_value = obj->GetPropertyWithCallback(
- *obj, structure, *name, result.holder());
- if (!maybe_value->ToObject(&value)) return maybe_value;
- }
- elms->set(IS_ACCESSOR_INDEX, Heap::false_value());
- elms->set(VALUE_INDEX, value);
- elms->set(WRITABLE_INDEX, Heap::ToBoolean(!result.IsReadOnly()));
- } else if (structure->IsFixedArray()) {
- // __defineGetter__/__defineSetter__ callback.
- elms->set(IS_ACCESSOR_INDEX, Heap::true_value());
- elms->set(GETTER_INDEX, FixedArray::cast(structure)->get(0));
- elms->set(SETTER_INDEX, FixedArray::cast(structure)->get(1));
- } else {
- return Heap::undefined_value();
- }
+
+ elms->set(ENUMERABLE_INDEX, Heap::ToBoolean(!result.IsDontEnum()));
+ elms->set(CONFIGURABLE_INDEX, Heap::ToBoolean(!result.IsDontDelete()));
+
+ bool is_js_accessor = (result.type() == CALLBACKS) &&
+ (result.GetCallbackObject()->IsFixedArray());
+
+ if (is_js_accessor) {
+ // __defineGetter__/__defineSetter__ callback.
+ FixedArray* structure = FixedArray::cast(result.GetCallbackObject());
+ elms->set(IS_ACCESSOR_INDEX, Heap::true_value());
+ elms->set(GETTER_INDEX, structure->get(0));
+ elms->set(SETTER_INDEX, structure->get(1));
} else {
elms->set(IS_ACCESSOR_INDEX, Heap::false_value());
- elms->set(VALUE_INDEX, result.GetLazyValue());
elms->set(WRITABLE_INDEX, Heap::ToBoolean(!result.IsReadOnly()));
+
+ PropertyAttributes attrs;
+ Object* value;
+ { MaybeObject* maybe_value = obj->GetProperty(*obj, &result, *name, &attrs);
+ if (!maybe_value->ToObject(&value)) return maybe_value;
+ }
+ elms->set(VALUE_INDEX, value);
}
- elms->set(ENUMERABLE_INDEX, Heap::ToBoolean(!result.IsDontEnum()));
- elms->set(CONFIGURABLE_INDEX, Heap::ToBoolean(!result.IsDontDelete()));
return *desc;
}
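Review bot: The `is_js_accessor` branch copies `structure->get(0)` and `structure->get(1)` into the descriptor with no access check visible in this hunk, while the data branch now goes through `obj->GetProperty(*obj, &result, *name, &attrs)`. If the security check named in the commit title is the one performed inside GetProperty, the getter and setter function objects of an access-checked object would still be handed to the caller; Runtime_GetOwnProperty begins outside the hunk, so confirm that an earlier check covers this branch or gate it the same way. ENUMERABLE_INDEX, CONFIGURABLE_INDEX and WRITABLE_INDEX are also filled from `result` before and independently of the value fetch, so a denied read presumably still reveals that the property exists and what its attributes are. I would add a comment above the GetProperty call such as `// Fetch through GetProperty so access checks run; never read result.GetLazyValue() here.`, and extend the test in test/cctest/test-api.cc to cover accessor properties on an access-checked object.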