Side by Side Diff: src/builtins.cc

Issue 1575973006: [builtins] Sanitize receiver patching for API functions. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: REBASE. MIPS fixes. Created 4 years, 11 months ago
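--- a/src/builtins.cc
+++ b/src/builtins.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/builtins.h"
 
 #include "src/api.h"
 #include "src/api-natives.h"
 #include "src/arguments.h"
 #include "src/base/once.h"
@@ -3363,38 +3363,36 @@
 //
 
 
 namespace {
 
 template <bool is_construct>
 MUST_USE_RESULT MaybeHandle<Object> HandleApiCallHelper(
 Isolate* isolate, BuiltinArguments<BuiltinExtraArguments::kTarget> args) {
 HandleScope scope(isolate);
 Handle<JSFunction> function = args.target();
+DCHECK(args.receiver()->IsJSReceiver());
 // TODO(ishell): turn this back to a DCHECK.
 CHECK(function->shared()->IsApiFunction());
 
 Handle<FunctionTemplateInfo> fun_data(
 function->shared()->get_api_func_data(), isolate);
 if (is_construct) {
 ASSIGN_RETURN_ON_EXCEPTION(
 isolate, fun_data,
 ApiNatives::ConfigureInstance(isolate, fun_data,
 Handle<JSObject>::cast(args.receiver())),
 Object);
 }
 
-DCHECK(!args[0]->IsNull());
-if (args[0]->IsUndefined()) args[0] = function->global_proxy();
-
 if (!is_construct && !fun_data->accept_any_receiver()) {
-Handle<Object> receiver(&args[0]);
+Handle<JSReceiver> receiver = args.at<JSReceiver>(0);
 if (receiver->IsJSObject() && receiver->IsAccessCheckNeeded()) {
 Handle<JSObject> js_receiver = Handle<JSObject>::cast(receiver);
 if (!isolate->MayAccess(handle(isolate->context()), js_receiver)) {
 isolate->ReportFailedAccessCheck(js_receiver);
 RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
 }
 }
 }
 
 Object* raw_holder = fun_data->GetCompatibleReceiver(isolate, args[0]);
@@ -3965,10 +3963,10 @@
 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C)
 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A)
 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H)
 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A)
 #undef DEFINE_BUILTIN_ACCESSOR_C
 #undef DEFINE_BUILTIN_ACCESSOR_A
 
 
 } // namespace internal
 } // namespace v8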
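Review bot: With the old `if (args[0]->IsUndefined()) args[0] = function->global_proxy();` fallback removed, the new `Handle<JSReceiver> receiver = args.at<JSReceiver>(0);` in the non-construct branch is guarded only by the added `DCHECK(args.receiver()->IsJSReceiver())`, which compiles out of release builds, so a caller that still reaches this helper with an undefined or primitive receiver would have it treated as a JSReceiver with no check at all. The adjacent line deliberately keeps `CHECK(function->shared()->IsApiFunction());` as a hard check for the same class of caller invariant, so it would be consistent to use `CHECK(args.receiver()->IsJSReceiver());` here as well, or at least to add a comment above the DCHECK naming which caller now guarantees the receiver has already been patched (presumably the per-architecture API-call builtins touched by this change, though that is not visible in this file). The `is_construct` path's `Handle<JSObject>::cast(args.receiver())` depends on the same invariant. HandleApiCallHelper continues past the end of this hunk.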