src/objects.cc - Issue 2082633002: Make sure api interceptors don't change the store target w/o storing

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/objects.cc

Issue 2082633002: Make sure api interceptors don't change the store target w/o storing (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: updates Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/objects.cc

diff --git a/src/objects.cc b/src/objects.cc

index a5da88a0b3b2e0b5e44b17e0918d17655ea38e09..d3212c64fe945dddb472bb7017dec53131d4057b 100644

--- a/src/objects.cc

+++ b/src/objects.cc

@@ -4309,10 +4309,19 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,

case LookupIterator::INTERCEPTOR:

if (it->HolderIsReceiverOrHiddenPrototype()) {

+ Handle<Map> store_target_map =

+ handle(it->GetStoreTarget()->map(), it->isolate());

Maybe<bool> result =

JSObject::SetPropertyWithInterceptor(it, should_throw, value);

if (result.IsNothing() || result.FromJust()) return result;

+ // Interceptor modified the store target but failed to set the

+ // property.

+ Utils::ApiCheck(*store_target_map == it->GetStoreTarget()->map(),

+ it->IsElement() ? "v8::IndexedPropertySetterCallback"

+ : "v8::NamedPropertySetterCallback",

+ "Interceptor silently changed store target.");

} else {

+ Handle<JSObject> store_target = it->GetStoreTarget();

Maybe<PropertyAttributes> maybe_attributes =

JSObject::GetPropertyAttributesWithInterceptor(it);

if (!maybe_attributes.IsJust()) return Nothing<bool>();

@@ -4320,6 +4329,12 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,

if ((maybe_attributes.FromJust() & READ_ONLY) != 0) {

return WriteToReadOnlyProperty(it, value, should_throw);

}

+ // Interceptor modified the store target but failed to set the

+ // property.

+ Utils::ApiCheck(*store_target == *it->GetStoreTarget(),

Toon Verwaest 2016/06/21 13:09:24 Don't you want to do exactly the same check in bot

+ it->IsElement() ? "v8::IndexedPropertySetterCallback"

+ : "v8::NamedPropertySetterCallback",

+ "Interceptor silently changed store target.");

*found = false;

return Nothing<bool>();

}

« no previous file with comments | « no previous file | no next file » | no next file with comments »