Chromium Code Reviews

Unified Diff: src/builtins.cc

Issue 1036743004: add access checks to receivers on function callbacks (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: super nit Created 5 years, 9 months ago
Index: src/builtins.cc
diff --git a/src/builtins.cc b/src/builtins.cc
index 71867e1962acef52f03b2d97ea55cf60be0c3e42..2457a956a7a801c59f6885aad59d3ca79b150bca 100644
--- a/src/builtins.cc
+++ b/src/builtins.cc
@@ -1044,6 +1044,17 @@ MUST_USE_RESULT static MaybeHandle<Object> HandleApiCallHelper(
DCHECK(!args[0]->IsNull());
if (args[0]->IsUndefined()) args[0] = function->global_proxy();
+ if (!is_construct && !fun_data->accept_any_receiver()) {
+ Handle<Object> receiver(&args[0]);
+ if (receiver->IsJSObject() && receiver->IsAccessCheckNeeded()) {
+ Handle<JSObject> js_receiver = Handle<JSObject>::cast(receiver);
+ if (!isolate->MayAccess(js_receiver)) {
+ isolate->ReportFailedAccessCheck(js_receiver);
+ RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
+ }
+ }
+ }
+
Object* raw_holder = fun_data->GetCompatibleReceiver(isolate, args[0]);
if (raw_holder->IsNull()) {
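Review bot: In the added block ahead of `GetCompatibleReceiver`, the failed-access path leaves the function only when an exception is scheduled. After `isolate->ReportFailedAccessCheck(js_receiver);` the only exit is `RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);`, which by its name is conditional. If `ReportFailedAccessCheck` returns without leaving an exception scheduled, control falls through to `fun_data->GetCompatibleReceiver(isolate, args[0])` and the callback path continues with a receiver that has just failed `MayAccess`. Suggest an unconditional return directly after the macro, inside the `!isolate->MayAccess(js_receiver)` branch, or, if falling through is intended, a comment saying why it is safe. A one-line comment on why construct calls and templates with `accept_any_receiver()` skip the check would also help the next reader.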