Skip to content

V
V8
Commit ea11ffc6 authored by dcarney's avatar dcarney Committed by Commit bot
Browse files
Options

ExecutableAccessorInfo::clear_setter should set a null foreign pointer 

R=jkummerow@chromium.org
BUG=433458
LOG=N

Review URL: https://codereview.chromium.org/759683004

Cr-Commit-Position: refs/heads/master@{#25737}
parent aae66586
Hide whitespace changes
Inline Side-by-side
Showing with 30 additions and 1 deletion
src/objects-inl.h
View file @ ea11ffc6
......@@ -7022,7 +7022,9 @@ bool AccessorInfo::IsCompatibleReceiver(Object* receiver) {
void ExecutableAccessorInfo::clear_setter() {
set_setter(GetIsolate()->heap()->undefined_value(), SKIP_WRITE_BARRIER);
set_setter(*GetIsolate()->factory()->NewForeign(
reinterpret_cast<v8::internal::Address>(
reinterpret_cast<intptr_t>(nullptr))));
}
......
test/cctest/test-accessors.cc
View file @ ea11ffc6
......@@ -578,3 +578,30 @@ THREADED_TEST(GlobalObjectAccessor) {
CHECK(v8::Utils::OpenHandle(*CompileRun("getter()"))->IsJSGlobalProxy());
CHECK(v8::Utils::OpenHandle(*CompileRun("set_value"))->IsJSGlobalProxy());
}
static void EmptyGetter(Local<Name> name,
const v8::PropertyCallbackInfo<v8::Value>& info) {
ApiTestFuzzer::Fuzz();
}
static void OneProperty(Local<String> name,
const v8::PropertyCallbackInfo<v8::Value>& info) {
ApiTestFuzzer::Fuzz();
info.GetReturnValue().Set(v8_num(1));
}
THREADED_TEST(Regress433458) {
LocalContext env;
v8::Isolate* isolate = env->GetIsolate();
v8::HandleScope scope(isolate);
v8::Handle<v8::ObjectTemplate> obj = ObjectTemplate::New(isolate);
obj->SetHandler(v8::NamedPropertyHandlerConfiguration(EmptyGetter));
obj->SetNativeDataProperty(v8_str("prop"), OneProperty);
env->Global()->Set(v8_str("obj"), obj->NewInstance());
CompileRun(
"Object.defineProperty(obj, 'prop', { writable: false });"
"Object.defineProperty(obj, 'prop', { writable: true });");
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment