
Side by Side Diff: src/objects.cc

Issue 1378343002: Add access check to JSObject::IsExtensible. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 2 months ago
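--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/objects.h"
 
 #include <cmath>
 #include <iomanip>
 #include <sstream>
 
@@ -4860,21 +4860,22 @@
 
 Maybe<bool> JSObject::CreateDataProperty(LookupIterator* it,
 Handle<Object> value) {
 DCHECK(it->GetReceiver()->IsJSObject());
 Maybe<PropertyAttributes> maybe = JSReceiver::GetPropertyAttributes(it);
 if (maybe.IsNothing()) return Nothing<bool>();
 
 if (it->IsFound()) {
 if (!it->IsConfigurable()) return Just(false);
 } else {
-if (!JSObject::cast(*it->GetReceiver())->IsExtensible()) return Just(false);
+if (!JSObject::IsExtensible(Handle<JSObject>::cast(it->GetReceiver())))
+return Just(false);
 }
 
 RETURN_ON_EXCEPTION_VALUE(
 it->isolate(),
 DefineOwnPropertyIgnoreAttributes(it, value, NONE, DONT_FORCE_FIELD),
 Nothing<bool>());
 
 return Just(true);
 }
 
@@ -6009,28 +6010,32 @@
 RETURN_ON_EXCEPTION(
 isolate,
 EnqueueChangeRecord(object, "preventExtensions", Handle<Name>(),
 isolate->factory()->the_hole_value()),
 Object);
 }
 return object;
 }
 
 
-bool JSObject::IsExtensible() {
-if (IsJSGlobalProxy()) {
-PrototypeIterator iter(GetIsolate(), this);
+bool JSObject::IsExtensible(Handle<JSObject> object) {
+Isolate* isolate = object->GetIsolate();
+if (object->IsAccessCheckNeeded() && !isolate->MayAccess(object)) {
+return true;
+}
+if (object->IsJSGlobalProxy()) {
+PrototypeIterator iter(isolate, *object);
 if (iter.IsAtEnd()) return false;
 DCHECK(iter.GetCurrent()->IsJSGlobalObject());
 return iter.GetCurrent<JSObject>()->map()->is_extensible();
 }
-return map()->is_extensible();
+return object->map()->is_extensible();
 }
 
 
 template <typename Dictionary>
 static void ApplyAttributesToDictionary(Dictionary* dictionary,
 const PropertyAttributes attributes) {
 int capacity = dictionary->Capacity();
 for (int i = 0; i < capacity; i++) {
 Object* k = dictionary->KeyAt(i);
 if (dictionary->IsKey(k) &&
@@ -16855,10 +16860,10 @@
 if (cell->value() != *new_value) {
 cell->set_value(*new_value);
 Isolate* isolate = cell->GetIsolate();
 cell->dependent_code()->DeoptimizeDependentCodeGroup(
 isolate, DependentCode::kPropertyCellChangedGroup);
 }
 }
 
 } // namespace internal
 } // namespace v8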
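Review bot: In `JSObject::IsExtensible`, the new early return answers `true` when `isolate->MayAccess(object)` fails, and nothing at that line explains why a caller without access is told the object is extensible. In `CreateDataProperty` (new line 4870) that `true` passes the guard and execution continues to `DefineOwnPropertyIgnoreAttributes`, so refusing the write there presumably relies on an access check in the lookup or define path, which is not visible on this page. I would add a comment above `return true;`, for example `// Access denied: return a constant so the real extensibility state is not revealed; callers must do their own access check before adding properties.` It would also be worth confirming that every caller that uses this result to gate a mutation performs that check itself.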