Fix for Proxy leaking in toString

toString on JS Proxies are leaking, see this sample code: undefined[Function.prototype.toString] undefined[new Proxy(Function.prototype.toString, {})] This change fixes the behavior. Patch credits to Yusif <yusif.khudhur@gmail.com> Change-Id: Id82a0a5c245469973452a3e6609cb91978274b8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739980 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#73625}

Fix for Proxy leaking in toString
toString on JS Proxies are leaking, see this sample code: undefined[Function.prototype.toString] undefined[new Proxy(Function.prototype.toString, {})] This change fixes the behavior. Patch credits to Yusif <yusif.khudhur@gmail.com> Change-Id: Id82a0a5c245469973452a3e6609cb91978274b8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739980 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#73625}
40e499cd · Niek van der Maas · Commit Bot · 9ca74651 · 40e499cd · 40e499cd
Commit 40e499cd authored Mar 12, 2021 by Niek van der Maas Committed by Commit Bot Mar 24, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

AUTHORS AUTHORS +2 -0

objects.cc src/objects/objects.cc +3 -0

test-object.cc test/cctest/test-object.cc +5 -0

No files found.
--- a/AUTHORS
+++ b/AUTHORS
@@ -167,6 +167,7 @@ Milton Chiang <milton.chiang@mediatek.com>
 Mu Tao <pamilty@gmail.com>
 Myeong-bo Shim <m0609.shim@samsung.com>
 Nicolas Antonius Ernst Leopold Maria Kaiser <nikai@nikai.net>
+Niek van der Maas <mail@niekvandermaas.nl>
 Niklas Hambüchen <mail@nh2.me>
 Noj Vek <nojvek@gmail.com>
 Oleksandr Chekhovskyi <oleksandr.chekhovskyi@gmail.com>
@@ -235,6 +236,7 @@ Yi Wang <wangyi8848@gmail.com>
 Yong Wang <ccyongwang@tencent.com>
 Youfeng Hao <ajihyf@gmail.com>
 Yu Yin <xwafish@gmail.com>
+Yusif Khudhur <yusif.khudhur@gmail.com>
 Zac Hansen <xaxxon@gmail.com>
 Zeynep Cankara <zeynepcankara402@gmail.com>
 Zhao Jiazhong <kyslie3100@gmail.com>

--- a/src/objects/objects.cc
+++ b/src/objects/objects.cc
@@ -461,6 +461,9 @@ Handle<String> Object::NoSideEffectsToString(Isolate* isolate,

  if (input->IsString() || input->IsNumber() || input->IsOddball()) {
    return Object::ToString(isolate, input).ToHandleChecked();
+  } else if (input->IsJSProxy()) {
+    HeapObject target = Handle<JSProxy>::cast(input)->target(isolate);
+    return NoSideEffectsToString(isolate, Handle<Object>(target, isolate));
  } else if (input->IsBigInt()) {
    MaybeHandle<String> maybe_string =
        BigInt::ToString(isolate, Handle<BigInt>::cast(input), 10, kDontThrow);

--- a/test/cctest/test-object.cc
+++ b/test/cctest/test-object.cc
@@ -77,6 +77,11 @@ TEST(NoSideEffectsToString) {
              "Error: fisk hest");
  CheckObject(isolate, factory->NewJSObject(isolate->object_function()),
              "#<Object>");
+  CheckObject(
+      isolate,
+      factory->NewJSProxy(factory->NewJSObject(isolate->object_function()),
+                          factory->NewJSObject(isolate->object_function())),
+      "#<Object>");
 }

 TEST(EnumCache) {