Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(207)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/objects.cc

Issue 2082633002: Make sure api interceptors don't change the store target w/o storing (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: updates Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 the V8 project authors. All rights reserved. 1 // Copyright 2015 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/objects.h" 5 #include "src/objects.h"
6 6
7 #include <cmath> 7 #include <cmath>
8 #include <iomanip> 8 #include <iomanip>
9 #include <sstream> 9 #include <sstream>
10 10
(...skipping 4291 matching lines...) Expand 10 before | Expand all | Expand 10 after
4302 // might still call into setters up the prototype chain. 4302 // might still call into setters up the prototype chain.
4303 return JSObject::SetPropertyWithFailedAccessCheck(it, value, 4303 return JSObject::SetPropertyWithFailedAccessCheck(it, value,
4304 should_throw); 4304 should_throw);
4305 4305
4306 case LookupIterator::JSPROXY: 4306 case LookupIterator::JSPROXY:
4307 return JSProxy::SetProperty(it->GetHolder<JSProxy>(), it->GetName(), 4307 return JSProxy::SetProperty(it->GetHolder<JSProxy>(), it->GetName(),
4308 value, it->GetReceiver(), language_mode); 4308 value, it->GetReceiver(), language_mode);
4309 4309
4310 case LookupIterator::INTERCEPTOR: 4310 case LookupIterator::INTERCEPTOR:
4311 if (it->HolderIsReceiverOrHiddenPrototype()) { 4311 if (it->HolderIsReceiverOrHiddenPrototype()) {
4312 Handle<Map> store_target_map =
4313 handle(it->GetStoreTarget()->map(), it->isolate());
4312 Maybe<bool> result = 4314 Maybe<bool> result =
4313 JSObject::SetPropertyWithInterceptor(it, should_throw, value); 4315 JSObject::SetPropertyWithInterceptor(it, should_throw, value);
4314 if (result.IsNothing() || result.FromJust()) return result; 4316 if (result.IsNothing() || result.FromJust()) return result;
4317 // Interceptor modified the store target but failed to set the
4318 // property.
4319 Utils::ApiCheck(*store_target_map == it->GetStoreTarget()->map(),
4320 it->IsElement() ? "v8::IndexedPropertySetterCallback"
4321 : "v8::NamedPropertySetterCallback",
4322 "Interceptor silently changed store target.");
4315 } else { 4323 } else {
4324 Handle<JSObject> store_target = it->GetStoreTarget();
4316 Maybe<PropertyAttributes> maybe_attributes = 4325 Maybe<PropertyAttributes> maybe_attributes =
4317 JSObject::GetPropertyAttributesWithInterceptor(it); 4326 JSObject::GetPropertyAttributesWithInterceptor(it);
4318 if (!maybe_attributes.IsJust()) return Nothing<bool>(); 4327 if (!maybe_attributes.IsJust()) return Nothing<bool>();
4319 if (maybe_attributes.FromJust() == ABSENT) break; 4328 if (maybe_attributes.FromJust() == ABSENT) break;
4320 if ((maybe_attributes.FromJust() & READ_ONLY) != 0) { 4329 if ((maybe_attributes.FromJust() & READ_ONLY) != 0) {
4321 return WriteToReadOnlyProperty(it, value, should_throw); 4330 return WriteToReadOnlyProperty(it, value, should_throw);
4322 } 4331 }
4332 // Interceptor modified the store target but failed to set the
4333 // property.
4334 Utils::ApiCheck(*store_target == *it->GetStoreTarget(),
Toon Verwaest 2016/06/21 13:09:24 Don't you want to do exactly the same check in bot
4335 it->IsElement() ? "v8::IndexedPropertySetterCallback"
4336 : "v8::NamedPropertySetterCallback",
4337 "Interceptor silently changed store target.");
4323 *found = false; 4338 *found = false;
4324 return Nothing<bool>(); 4339 return Nothing<bool>();
4325 } 4340 }
4326 break; 4341 break;
4327 4342
4328 case LookupIterator::ACCESSOR: { 4343 case LookupIterator::ACCESSOR: {
4329 if (it->IsReadOnly()) { 4344 if (it->IsReadOnly()) {
4330 return WriteToReadOnlyProperty(it, value, should_throw); 4345 return WriteToReadOnlyProperty(it, value, should_throw);
4331 } 4346 }
4332 Handle<Object> accessors = it->GetAccessors(); 4347 Handle<Object> accessors = it->GetAccessors();
(...skipping 14525 matching lines...) Expand 10 before | Expand all | Expand 10 after
18858 if (cell->value() != *new_value) { 18873 if (cell->value() != *new_value) {
18859 cell->set_value(*new_value); 18874 cell->set_value(*new_value);
18860 Isolate* isolate = cell->GetIsolate(); 18875 Isolate* isolate = cell->GetIsolate();
18861 cell->dependent_code()->DeoptimizeDependentCodeGroup( 18876 cell->dependent_code()->DeoptimizeDependentCodeGroup(
18862 isolate, DependentCode::kPropertyCellChangedGroup); 18877 isolate, DependentCode::kPropertyCellChangedGroup);
18863 } 18878 }
18864 } 18879 }
18865 18880
18866 } // namespace internal 18881 } // namespace internal
18867 } // namespace v8 18882 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698