| Index: src/runtime.cc
|
| diff --git a/src/runtime.cc b/src/runtime.cc
|
| index 67ac754fc3de9bd50ba45a669a71ac6040fc9bb0..0f8ef76d86b277f412045b60c64c99e3502edda5 100644
|
| --- a/src/runtime.cc
|
| +++ b/src/runtime.cc
|
| @@ -5111,6 +5111,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DefineOrRedefineAccessorProperty) {
|
| PropertyAttributes attr = static_cast<PropertyAttributes>(unchecked);
|
|
|
| bool fast = obj->HasFastProperties();
|
| + // DefineAccessor checks access rights.
|
| JSObject::DefineAccessor(obj, name, getter, setter, attr);
|
| RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
|
| if (fast) JSObject::TransformToFastProperties(obj, 0);
|
| @@ -5134,6 +5135,12 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DefineOrRedefineDataProperty) {
|
| RUNTIME_ASSERT((unchecked & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) == 0);
|
| PropertyAttributes attr = static_cast<PropertyAttributes>(unchecked);
|
|
|
| + // Check access rights if needed.
|
| + if (js_object->IsAccessCheckNeeded() &&
|
| + !isolate->MayNamedAccess(js_object, name, v8::ACCESS_SET)) {
|
| + return isolate->heap()->undefined_value();
|
| + }
|
| +
|
| LookupResult lookup(isolate);
|
| js_object->LocalLookupRealNamedProperty(*name, &lookup);
|
|
|
|
|
Chromium Code Reviews
Issue 240973002:
Harden DefineOrRedefineDataProperty. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge