lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

deps: backport 5c8cb16 from upstream V8 

Original Commit Message:
  [ic] Don't call LookupIterator::GetStoreTarget() when receiver is not a JSReceiver.

  BUG=chromium:619166,chromium:625155

  Review-Url: https://codereview.chromium.org/2175273002
  Cr-Commit-Position: refs/heads/master@{#38018}

PR-URL: https://github.com/nodejs/node/pull/9422
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: jasnell - James M Snell <jasnell@gmail.com>
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
v6.x
Cristian Cavalli 8 years ago
committed by Ali Ijaz Sheikh
parent
39b4a1ca9b
commit
bda45b510c
4 changed files with 37 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      deps/v8/include/v8-version.h
  2. 1
      deps/v8/src/lookup.h
  3. 17
      deps/v8/src/objects.cc
  4. 19
      deps/v8/test/cctest/test-api-interceptors.cc

2
deps/v8/include/v8-version.h
View File

@ -11,7 +11,7 @@
#define V8_MAJOR_VERSION 5 #define V8_MAJOR_VERSION 5
#define V8_MINOR_VERSION 1 #define V8_MINOR_VERSION 1
#define V8_BUILD_NUMBER 281 #define V8_BUILD_NUMBER 281
#define V8_PATCH_LEVEL 85 #define V8_PATCH_LEVEL 86
// Use 1 for candidates and 0 otherwise. // Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.) // (Boolean macro values are not supported by all preprocessors.)

1
deps/v8/src/lookup.h
View File

@ -179,6 +179,7 @@ class LookupIterator final BASE_EMBEDDED {
Handle<Object> GetReceiver() const { return receiver_; } Handle<Object> GetReceiver() const { return receiver_; }
Handle<JSObject> GetStoreTarget() const { Handle<JSObject> GetStoreTarget() const {
DCHECK(receiver->IsJSObject());
if (receiver_->IsJSGlobalProxy()) { if (receiver_->IsJSGlobalProxy()) {
Map* map = JSGlobalProxy::cast(*receiver_)->map(); Map* map = JSGlobalProxy::cast(*receiver_)->map();
if (map->has_hidden_prototype()) { if (map->has_hidden_prototype()) {

17
deps/v8/src/objects.cc
View File

@ -4214,11 +4214,20 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
return JSProxy::SetProperty(it->GetHolder<JSProxy>(), it->GetName(), return JSProxy::SetProperty(it->GetHolder<JSProxy>(), it->GetName(),
value, it->GetReceiver(), language_mode); value, it->GetReceiver(), language_mode);
case LookupIterator::INTERCEPTOR: case LookupIterator::INTERCEPTOR: {
Handle<Map> store_target_map;
if (it->GetReceiver()->IsJSObject()) {
store_target_map = handle(it->GetStoreTarget()->map(), it->isolate());
}
if (it->HolderIsReceiverOrHiddenPrototype()) { if (it->HolderIsReceiverOrHiddenPrototype()) {
Maybe<bool> result = Maybe<bool> result =
JSObject::SetPropertyWithInterceptor(it, should_throw, value); JSObject::SetPropertyWithInterceptor(it, should_throw, value);
if (result.IsNothing() || result.FromJust()) return result; if (result.IsNothing() || result.FromJust()) return result;
Utils::ApiCheck(store_target_map.is_null() ||
*store_target_map == it->GetStoreTarget()->map(),
it->IsElement() ? "v8::IndexedPropertySetterCallback"
: "v8::NamedPropertySetterCallback",
"Interceptor silently changed store target.");
} else { } else {
Maybe<PropertyAttributes> maybe_attributes = Maybe<PropertyAttributes> maybe_attributes =
JSObject::GetPropertyAttributesWithInterceptor(it); JSObject::GetPropertyAttributesWithInterceptor(it);
@ -4227,10 +4236,16 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
if ((maybe_attributes.FromJust() & READ_ONLY) != 0) { if ((maybe_attributes.FromJust() & READ_ONLY) != 0) {
return WriteToReadOnlyProperty(it, value, should_throw); return WriteToReadOnlyProperty(it, value, should_throw);
} }
Utils::ApiCheck(store_target_map.is_null() ||
*store_target_map == it->GetStoreTarget()->map(),
it->IsElement() ? "v8::IndexedPropertySetterCallback"
: "v8::NamedPropertySetterCallback",
"Interceptor silently changed store target.");
*found = false; *found = false;
return Nothing<bool>(); return Nothing<bool>();
} }
break; break;
}
case LookupIterator::ACCESSOR: { case LookupIterator::ACCESSOR: {
if (it->IsReadOnly()) { if (it->IsReadOnly()) {

19
deps/v8/test/cctest/test-api-interceptors.cc
View File

@ -3245,6 +3245,25 @@ THREADED_TEST(Regress149912) {
CompileRun("Number.prototype.__proto__ = new Bug; var x = 0; x.foo();"); CompileRun("Number.prototype.__proto__ = new Bug; var x = 0; x.foo();");
} }
THREADED_TEST(Regress625155) {
LocalContext context;
v8::HandleScope scope(context->GetIsolate());
Local<FunctionTemplate> templ = FunctionTemplate::New(context->GetIsolate());
AddInterceptor(templ, EmptyInterceptorGetter, EmptyInterceptorSetter);
context->Global()
->Set(context.local(), v8_str("Bug"),
templ->GetFunction(context.local()).ToLocalChecked())
.FromJust();
CompileRun(
"Number.prototype.__proto__ = new Bug;"
"var x;"
"x = 0xdead;"
"x.boom = 0;"
"x = 's';"
"x.boom = 0;"
"x = 1.5;"
"x.boom = 0;");
}
THREADED_TEST(Regress125988) { THREADED_TEST(Regress125988) {
v8::HandleScope scope(CcTest::isolate()); v8::HandleScope scope(CcTest::isolate());

Write Preview
Loading…
Cancel
Save