details: https://hg.nginx.org/njs/rev/a79b6a75cfab branches: changeset: 2055:a79b6a75cfab user: Dmitry Volyntsev <xei...@nginx.com> date: Mon Feb 27 22:14:36 2023 -0800 description: Fixed njs_object_property() with NJS_WHITEOUT properties.
Previosly, an error object dumping might result in invalid pointer dereference when 'name' or 'message' property of accessor descriptor type was added and removed before. The fix is to properly handle NJS_WHITEOUT properties. This fixes #617 issue on Github. diffstat: src/njs_object_prop.c | 6 +++++- src/njs_value.c | 9 ++++++--- src/test/njs_unit_test.c | 10 ++++++++++ 3 files changed, 21 insertions(+), 4 deletions(-) diffs (59 lines):
diff -r e4cef2c70d7c -r a79b6a75cfab src/njs_object_prop.c
--- a/src/njs_object_prop.c Mon Feb 27 22:14:36 2023 -0800
+++ b/src/njs_object_prop.c Mon Feb 27 22:14:36 2023 -0800
@@ -102,7 +102,11 @@ njs_object_property(njs_vm_t *vm, njs_ob
 ret = njs_lvlhsh_find(&object->hash, lhq);
 if (njs_fast_path(ret == NJS_OK)) {
- goto found;
+ prop = lhq->value;
+
+ if (prop->type != NJS_WHITEOUT) {
+ goto found;
+ }
 }
 ret = njs_lvlhsh_find(&object->shared_hash, lhq);
diff -r e4cef2c70d7c -r a79b6a75cfab src/njs_value.c
--- a/src/njs_value.c Mon Feb 27 22:14:36 2023 -0800
+++ b/src/njs_value.c Mon Feb 27 22:14:36 2023 -0800
@@ -1487,13 +1487,16 @@ slow_path:
 return NJS_ERROR;
 }
- /* GC: release value. */
 if (removed != NULL) {
- njs_value_assign(removed, njs_prop_value(prop));
+ if (njs_is_valid(njs_prop_value(prop))) {
+ njs_value_assign(removed, njs_prop_value(prop));
+
+ } else {
+ njs_set_undefined(removed);
+ }
 }
 prop->type = NJS_WHITEOUT;
- njs_set_invalid(njs_prop_value(prop));
 return NJS_OK;
 }
diff -r e4cef2c70d7c -r a79b6a75cfab src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c Mon Feb 27 22:14:36 2023 -0800
+++ b/src/test/njs_unit_test.c Mon Feb 27 22:14:36 2023 -0800
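Review bot: In njs_object_property(), a whiteout hit in `object->hash` now falls through to the `njs_lvlhsh_find(&object->shared_hash, lhq)` lookup on the same object, so if a whiteout is meant to mask a shared-hash entry with the same key, a deleted property would be found again there. If that masking is intended, the shared lookup should be skipped for this object when the own entry is a whiteout, for example by moving it into an `else` branch of the `ret == NJS_OK` test. Either way, a comment such as `/* A whiteout marks a deleted own property; never hand it to found. */` above the type check would record why the fast path is no longer unconditional. The function body and the `found` label lie outside the hunk, so how `lhq->value` is used afterwards is not visible here.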
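Review bot: With `njs_set_invalid(njs_prop_value(prop))` dropped in the njs_value.c hunk, a whiteout entry keeps whatever was stored in its value slot, so every reader that can reach the entry has to test `prop->type` before touching the slot, and nothing in the new code says so. The added `njs_is_valid(njs_prop_value(prop))` test also reads the slot without regard to the descriptor kind; since the commit message says the failing case involved an accessor descriptor, it is worth confirming that the slot holds a value in that case. I would replace the removed GC comment with one that states the new invariant, e.g. `/* The value slot is left untouched; a whiteout is identified by prop->type only. */`. The start of the enclosing function is outside the hunk.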
@@ -22855,6 +22855,16 @@ static njs_unit_test_t njs_shell_test[]
 { njs_str("var a = []; Object.defineProperty(a, 'b', {enumerable: true, get: Object}); a" ENTER),
 njs_str("[\n b: '[Getter]'\n]") },
+ { njs_str("var e = Error()" ENTER
+ "Object.defineProperty(e, 'message', { configurable: true, set: Object })" ENTER
+ "delete e.message; e" ENTER),
+ njs_str("Error") },
+
+ { njs_str("var e = Error()" ENTER
+ "Object.defineProperty(e, 'message', { configurable: true, get(){ return 'foo'} })" ENTER
+ "e" ENTER),
+ njs_str("Error: foo") },
+
 /* Temporary indexes */
 { njs_str("var a = [1,2,3], i; for (i in a) {Object.seal({});}" ENTER),
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
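Review bot: The two new cases cover only `message`, while the commit message names both `name` and `message`, and the only case that deletes the property uses a setter-only accessor. A case that defines a getter on `name` and then deletes it would exercise the whiteout path for the other property the description mentions, e.g. `"Object.defineProperty(e, 'name', { configurable: true, get(){ return 'foo'} })" ENTER "delete e.name; e" ENTER` (expected output to be confirmed, presumably `Error`). The second new case never deletes anything, so it checks accessor dumping rather than the whiteout fix.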