Chromium Code Reviews

Issue 8914: Add support for API accessors that prohibit overwriting by accessors... (Closed)

Created:
12 years, 1 month ago by Mads Ager (chromium)
Modified:
9 years, 7 months ago
Reviewers:
Feng Qian, Kasper Lund
CC:
v8-dev
Visibility:
Public.

Description

Add support for API accessors that prohibit overwriting by accessors defined in JavaScript code by using __defineGetter__ and __defineSetter__. Also, disable access checks when configuring objects created from templates.

Committed: http://code.google.com/p/v8/source/detail?r=656

Patch Set 1 #

Stats (+175 lines, -18 lines)
M include/v8.h: 1 chunk, +10 lines, -3 lines, 0 comments
M src/api.cc: 2 chunks, +2 lines, -1 line, 0 comments
M src/apinatives.js: 2 chunks, +3 lines, -0 lines, 1 comment
M src/bootstrapper.cc: 1 chunk, +1 line, -1 line, 0 comments
M src/factory.cc: 1 chunk, +1 line, -1 line, 0 comments
M src/objects.h: 4 chunks, +9 lines, -9 lines, 0 comments
M src/objects.cc: 2 chunks, +29 lines, -3 lines, 1 comment
M src/objects-inl.h: 2 chunks, +24 lines, -0 lines, 0 comments
M src/runtime.h: 1 chunk, +2 lines, -0 lines, 0 comments
M src/runtime.cc: 1 chunk, +17 lines, -0 lines, 0 comments
M test/cctest/test-api.cc: 1 chunk, +77 lines, -0 lines, 0 comments

Messages

Total messages: 3 (0 generated)
Mads Ager (chromium)
12 years, 1 month ago (2008-10-30 11:42:35 UTC) #1
Kasper Lund
LGTM.

http://codereview.chromium.org/8914/diff/1/6
File src/apinatives.js (right):

http://codereview.chromium.org/8914/diff/1/6#newcode94
Line 94: if (requires_access_checks) %EnableAccessChecks(obj);
Should this be in ...
12 years, 1 month ago (2008-10-30 12:32:27 UTC) #2
Feng Qian
11 years, 11 months ago (2009-01-14 21:01:14 UTC) #3
Hi, this is wrong.

You cannot turn off the access check on an object and turn it on again.
The access check bit is set on the Function's initial map, and an instance shares the
same map when it is created. Then it is turned off, but the object can get a new
map when properties are added to it; turning the check back on only modifies the object's new map,
not the old map.

This is likely the cause of the security issue 6264.


On 2008/10/30 11:42:35, Mads Ager wrote:
>
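
The sequence described in message #3, as an added toy model that is not part of the review thread and is not V8 code: a flag stored on a shared map is cleared in place, the object moves to a new map while it is configured, and re-enabling writes only to the new map. `ShapeMap`, `Template`, `configure` and the other names are hypothetical, and `disableWithCopy` is an assumed mitigation for comparison, not the project's fix.

```javascript
// Toy model: ShapeMap stands in for a hidden class ("map"). All names here
// are hypothetical and are not V8 internals.
class ShapeMap {
  constructor(needsAccessCheck, props = []) {
    this.needsAccessCheck = needsAccessCheck;
    this.props = props;
  }
}

class Template {
  constructor() { this.initialMap = new ShapeMap(true); }
  // Every new instance starts out pointing at the shared initial map.
  instantiate() { return { map: this.initialMap }; }
}

// Adding a property moves the object to a new map that inherits the flag.
function addProperty(obj, name) {
  obj.map = new ShapeMap(obj.map.needsAccessCheck, [...obj.map.props, name]);
}

// In-place toggles: they write to whichever map the object points at now.
function disableInPlace(obj) {
  const was = obj.map.needsAccessCheck;
  obj.map.needsAccessCheck = false; // clears the bit on the shared initial map
  return was;
}
function enableInPlace(obj) { obj.map.needsAccessCheck = true; }

// Assumed mitigation: give the object a private map copy before clearing.
function disableWithCopy(obj) {
  const was = obj.map.needsAccessCheck;
  if (was) obj.map = new ShapeMap(false, obj.map.props);
  return was;
}

// Disable, configure (which changes the map), re-enable; then make a sibling.
function configure(disable) {
  const tmpl = new Template();
  const obj = tmpl.instantiate();
  const required = disable(obj);
  addProperty(obj, "accessor");
  if (required) enableInPlace(obj);
  const sibling = tmpl.instantiate();
  return { configured: obj.map.needsAccessCheck, sibling: sibling.map.needsAccessCheck };
}

console.log("in place:", configure(disableInPlace));
console.log("with copy:", configure(disableWithCopy));
```

In the in-place run the configured object ends up checked again, but the next instance created from the same template inherits an initial map whose flag was never restored.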
