Commit a7a14fde authored by ishell's avatar ishell Committed by Commit bot

[runtime] Don't crash when trying to access manually constructed CallSite object.

... but hit the runtime assert instead.
|
| Runtime error in ../src/runtime/runtime-internal.cc, line 409
|
| call_site.IsJavaScript() || call_site.IsWasm()
|

BUG=chromium:613905
LOG=N

Review-Url: https://codereview.chromium.org/2006603002
Cr-Commit-Position: refs/heads/master@{#36430}
parent e2e87969
...@@ -182,9 +182,14 @@ CallSite::CallSite(Isolate* isolate, Handle<JSObject> call_site_obj) ...@@ -182,9 +182,14 @@ CallSite::CallSite(Isolate* isolate, Handle<JSObject> call_site_obj)
// invalid: neither javascript nor wasm // invalid: neither javascript nor wasm
return; return;
} }
Handle<Object> maybe_wasm_obj = JSObject::GetDataProperty(
call_site_obj, isolate->factory()->call_site_wasm_obj_symbol());
if (!maybe_wasm_obj->IsJSObject()) {
// invalid: neither javascript nor wasm
return;
}
// wasm // wasm
wasm_obj_ = Handle<JSObject>::cast(JSObject::GetDataProperty( wasm_obj_ = Handle<JSObject>::cast(maybe_wasm_obj);
call_site_obj, isolate->factory()->call_site_wasm_obj_symbol()));
wasm_func_index_ = Smi::cast(*maybe_wasm_func_index)->value(); wasm_func_index_ = Smi::cast(*maybe_wasm_func_index)->value();
DCHECK(static_cast<int>(wasm_func_index_) >= 0); DCHECK(static_cast<int>(wasm_func_index_) >= 0);
} }
...@@ -205,11 +210,8 @@ Handle<Object> CallSite::GetFileName() { ...@@ -205,11 +210,8 @@ Handle<Object> CallSite::GetFileName() {
Handle<Object> CallSite::GetFunctionName() { Handle<Object> CallSite::GetFunctionName() {
if (IsWasm()) { if (IsWasm()) {
MaybeHandle<String> name; MaybeHandle<String> name = wasm::GetWasmFunctionName(
if (!wasm_obj_->IsUndefined()) { Handle<JSObject>::cast(wasm_obj_), wasm_func_index_);
name = wasm::GetWasmFunctionName(Handle<JSObject>::cast(wasm_obj_),
wasm_func_index_);
}
if (name.is_null()) return isolate_->factory()->null_value(); if (name.is_null()) return isolate_->factory()->null_value();
return name.ToHandleChecked(); return name.ToHandleChecked();
} }
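Review bot: The new `IsJSObject()` guard in the CallSite constructor only establishes that the stored value is some JS object, not that it is a wasm object, and `GetFunctionName()` now passes `wasm_obj_` to `wasm::GetWasmFunctionName` with its former `IsUndefined()` guard removed. The commit message says CallSite objects can be constructed manually from script, so both fields should be treated as untrusted. Whether `GetWasmFunctionName` validates its arguments is not visible here; confirm that it does, or use a wasm-specific type check in the constructor. The index is also range-checked only by `DCHECK(static_cast<int>(wasm_func_index_) >= 0)`, which is normally compiled out of release builds; a runtime check placed before `wasm_obj_` is set, e.g. `if (Smi::cast(*maybe_wasm_func_index)->value() < 0) return;`, would reject a negative index in every build. The constructor body starts above the hunk, so the Smi check on `maybe_wasm_func_index` is assumed rather than seen.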
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
Error.prepareStackTrace = (e,s) => s;
var CallSiteConstructor = Error().stack[0].constructor;
try {
(new CallSiteConstructor(3, 6)).toString();
} catch (e) {
}
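Review bot: The empty `catch (e) {}` in this regression test carries no comment, so a reader cannot tell that swallowing the exception is intentional. Going by the commit message, the expected outcome is the runtime assert rather than a crash, and a comment inside the catch such as `// The runtime assert may throw here; the test only checks that this does not crash.` would record that. If the throw is guaranteed in every test configuration, asserting it explicitly would make the test stricter, but that cannot be confirmed from this page.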