Commit 82451d45 authored by Alexey Kozyatinskiy's avatar Alexey Kozyatinskiy Committed by Commit Bot

[inspector] doesn't run user code to stringify console method arg

Otherwise user code can produce an exception and we will crash.

R=jakob@chromium.org

Bug: chromium:736302
Change-Id: I078150909b0348a63e8c375b508e34fc4751b4ab
Reviewed-on: https://chromium-review.googlesource.com/565628
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46566}
parent 1c25b9a5
...@@ -112,6 +112,10 @@ class ConsoleHelper { ...@@ -112,6 +112,10 @@ class ConsoleHelper {
String16 firstArgToString(const String16& defaultValue) { String16 firstArgToString(const String16& defaultValue) {
if (m_info.Length() < 1) return defaultValue; if (m_info.Length() < 1) return defaultValue;
v8::Local<v8::String> titleValue; v8::Local<v8::String> titleValue;
v8::TryCatch tryCatch(m_context->GetIsolate());
v8::Isolate::DisallowJavascriptExecutionScope throwJs(
m_context->GetIsolate(),
v8::Isolate::DisallowJavascriptExecutionScope::THROW_ON_FAILURE);
if (m_info[0]->IsObject()) { if (m_info[0]->IsObject()) {
if (!m_info[0].As<v8::Object>()->ObjectProtoToString(m_context).ToLocal( if (!m_info[0].As<v8::Object>()->ObjectProtoToString(m_context).ToLocal(
&titleValue)) &titleValue))
......
crbug.com/736302
{
method : Runtime.consoleAPICalled
params : {
args : [
[0] : {
type : string
value : 1
}
]
executionContextId : <executionContextId>
stackTrace : {
callFrames : [
[0] : {
columnNumber : 10
functionName :
lineNumber : 1
scriptId : <scriptId>
url :
}
]
}
timestamp : <timestamp>
type : count
}
}
{
type : undefined
}
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
let {session, contextGroup, Protocol} = InspectorTest.start('crbug.com/736302');
(async function main() {
Protocol.Runtime.enable();
Protocol.Runtime.onConsoleAPICalled(InspectorTest.logMessage);
let r = await Protocol.Runtime.evaluate({expression: `
console.count({
get [Symbol.toStringTag]() {
throw new Error();
}
});`});
InspectorTest.logMessage(r.result.result);
InspectorTest.completeTest();
})();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment