Commit 2c8ca9ad authored by jochen's avatar jochen Committed by Commit bot

Make sure api interceptors don't change the store target w/o storing

BUG=chromium:619166
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2082633002
Cr-Commit-Position: refs/heads/master@{#37152}
parent 8c4e388e
...@@ -4307,23 +4307,38 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it, ...@@ -4307,23 +4307,38 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
return JSProxy::SetProperty(it->GetHolder<JSProxy>(), it->GetName(), return JSProxy::SetProperty(it->GetHolder<JSProxy>(), it->GetName(),
value, it->GetReceiver(), language_mode); value, it->GetReceiver(), language_mode);
case LookupIterator::INTERCEPTOR: case LookupIterator::INTERCEPTOR: {
Handle<Map> store_target_map =
handle(it->GetStoreTarget()->map(), it->isolate());
if (it->HolderIsReceiverOrHiddenPrototype()) { if (it->HolderIsReceiverOrHiddenPrototype()) {
Maybe<bool> result = Maybe<bool> result =
JSObject::SetPropertyWithInterceptor(it, should_throw, value); JSObject::SetPropertyWithInterceptor(it, should_throw, value);
if (result.IsNothing() || result.FromJust()) return result; if (result.IsNothing() || result.FromJust()) return result;
// Interceptor modified the store target but failed to set the
// property.
Utils::ApiCheck(*store_target_map == it->GetStoreTarget()->map(),
it->IsElement() ? "v8::IndexedPropertySetterCallback"
: "v8::NamedPropertySetterCallback",
"Interceptor silently changed store target.");
} else { } else {
Maybe<PropertyAttributes> maybe_attributes = Maybe<PropertyAttributes> maybe_attributes =
JSObject::GetPropertyAttributesWithInterceptor(it); JSObject::GetPropertyAttributesWithInterceptor(it);
if (!maybe_attributes.IsJust()) return Nothing<bool>(); if (!maybe_attributes.IsJust()) return Nothing<bool>();
if (maybe_attributes.FromJust() == ABSENT) break;
if ((maybe_attributes.FromJust() & READ_ONLY) != 0) { if ((maybe_attributes.FromJust() & READ_ONLY) != 0) {
return WriteToReadOnlyProperty(it, value, should_throw); return WriteToReadOnlyProperty(it, value, should_throw);
} }
// Interceptor modified the store target but failed to set the
// property.
Utils::ApiCheck(*store_target_map == it->GetStoreTarget()->map(),
it->IsElement() ? "v8::IndexedPropertySetterCallback"
: "v8::NamedPropertySetterCallback",
"Interceptor silently changed store target.");
if (maybe_attributes.FromJust() == ABSENT) break;
*found = false; *found = false;
return Nothing<bool>(); return Nothing<bool>();
} }
break; break;
}
case LookupIterator::ACCESSOR: { case LookupIterator::ACCESSOR: {
if (it->IsReadOnly()) { if (it->IsReadOnly()) {
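Review bot: The return value of `Utils::ApiCheck` is discarded at both new call sites (after `SetPropertyWithInterceptor` and after `GetPropertyAttributesWithInterceptor`), so the check only protects this path if a failed check never returns. If an embedder-installed fatal error handler can return here, execution falls through and keeps using `it` against a store target whose map has changed, which is the state this commit sets out to rule out. Consider bailing out explicitly, e.g. `if (!Utils::ApiCheck(...)) return Nothing<bool>();` (assuming an empty Maybe is acceptable to callers on this path), or add a comment saying why continuing is safe. In the else branch the interceptor was reached through `GetPropertyAttributesWithInterceptor`, so the setter-callback location strings passed there probably name the wrong callback for an embedder reading the failure message. `SetPropertyInternal` starts and ends outside this hunk, so what happens after the `break` cannot be checked from here.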