Reviewers: Jakob,

Description:
Fix JSReceiver::HasHiddenProperties wrt access-checked objects.

[email protected]
BUG=chromium:411877
LOG=N

Please review this at https://codereview.chromium.org/564443002/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+20, -2 lines):
  M src/objects.cc
  M test/cctest/test-api.cc


Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index 62e33b7a7326579dc6cff398a80a5580bc39a8c0..79f20bb994f32608c5c95c76d697a8104ed4c558 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -4684,8 +4684,10 @@ void JSObject::DeleteHiddenProperty(Handle<JSObject> object, Handle<Name> key) {
 bool JSObject::HasHiddenProperties(Handle<JSObject> object) {
   Handle<Name> hidden = object->GetIsolate()->factory()->hidden_string();
   LookupIterator it(object, hidden, LookupIterator::OWN_SKIP_INTERCEPTOR);
-  CHECK_NE(LookupIterator::ACCESS_CHECK, it.state());
-  return it.IsFound();
+  Maybe<PropertyAttributes> maybe = GetPropertyAttributes(&it);
+ // Cannot get an exception since the hidden_string isn't accessible to JS.
+  DCHECK(maybe.has_value);
+  return maybe.value != ABSENT;
 }
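Review bot: `DCHECK(maybe.has_value)` is compiled out of release builds, so `return maybe.value != ABSENT;` reads the value with nothing enforcing that the lookup produced one. The line it replaces was a release-enforced `CHECK_NE`. The added comment rules out a JS-triggered exception for the hidden string, but this path now runs on access-checked objects, and whether a denied access check can leave the `Maybe` empty is not visible in this hunk. Keeping the guard release-enforced with `CHECK(maybe.has_value);` would preserve the old failure mode, and the comment should also say why the access-check outcome is irrelevant to this internal lookup. The comment line is also indented one space instead of two.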


Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index 1a1879e8ef6f47ef689fcd68eb46e9df6879c8c4..9124873434146890d2b87b159d2cc6bab8fd0665 100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -23000,3 +23000,19 @@ TEST(GetOwnPropertyDescriptor) {
   set->Call(x, 1, args);
   CHECK_EQ(v8_num(14), get->Call(x, 0, NULL));
 }
+
+
+TEST(Regress411877) {
+  v8::Isolate* isolate = CcTest::isolate();
+  v8::HandleScope handle_scope(isolate);
+  v8::Handle<v8::ObjectTemplate> object_template =
+      v8::ObjectTemplate::New(isolate);
+  object_template->SetAccessCheckCallbacks(NamedAccessCounter,
+                                           IndexedAccessCounter);
+
+  v8::Handle<Context> context = Context::New(isolate);
+  v8::Context::Scope context_scope(context);
+
+  context->Global()->Set(v8_str("o"), object_template->NewInstance());
+  CompileRun("Object.getOwnPropertyNames(o)");
+}
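Review bot: `TEST(Regress411877)` contains no assertion, so it passes whenever `CompileRun("Object.getOwnPropertyNames(o)")` does not abort; a short comment such as `// Must not crash in HasHiddenProperties on an access-checked object.` would make that intent explicit. The callbacks `NamedAccessCounter` and `IndexedAccessCounter` are defined outside this hunk, so it is not visible here whether they grant or deny access. Because access checks are a security boundary, a second case with a denying callback would pin the behaviour on the failed-check path as well. The object is also created without any hidden property, so only the "absent" result of the new lookup appears to be exercised.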

