Comment #5 on issue 4168 by [email protected]: Array.of/from use %AddElement unsafely
https://code.google.com/p/v8/issues/detail?id=4168
%AddElement will throw if passed a non-JSObject, as it uses
CONVERT_ARG_HANDLE_CHECKED. So random stuff is not going to happen if a
JSProxy is passed in (though we will throw an "illegal access" exception;
this can be easily fixed by adding an %_IsJSProxy() check on the result if
we want to support Proxies). Also, JSObject::SetElement, which %AddElement
calls, properly unwraps the JSGlobalProxy, so the global proxy should be
fine.
I'm not aware of any other worrisome cases...are there other objects you're
thinking of where %AddElement could do something bad?
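
What supporting Proxies here looks like from script, as an added example that is not part of the original comment or of V8's test suite. It assumes an ES2015-conformant engine, where Array.of and Array.from define elements on whatever object the receiver constructor returns; the helper names are hypothetical.

```javascript
// Added example (constructed): records which proxy traps Array.from and
// Array.of reach when the receiver constructor returns a Proxy instead
// of an ordinary object. Helper names are hypothetical.
function makeRecordingConstructor(log) {
  return function ProxyReturning() {
    // Returning an object from a constructor makes `new` yield it,
    // so Array.of/from end up writing elements onto this Proxy.
    return new Proxy({}, {
      defineProperty(target, key, desc) {
        log.push(`define:${String(key)}`);
        return Reflect.defineProperty(target, key, desc);
      },
      set(target, key, value) {
        log.push(`set:${String(key)}`);
        // Receiver defaults to the target, so this does not re-enter
        // the defineProperty trap.
        return Reflect.set(target, key, value);
      },
    });
  };
}

// Array.from with a substituted receiver: elements are added with
// CreateDataPropertyOrThrow (defineProperty trap), then length is Set.
function traceArrayFrom(items) {
  const log = [];
  const result = Array.from.call(makeRecordingConstructor(log), items);
  return { log, length: result.length, first: result[0] };
}

// Same check for Array.of, which takes the elements as arguments.
function traceArrayOf(...items) {
  const log = [];
  const result = Array.of.apply(makeRecordingConstructor(log), items);
  return { log, length: result.length, first: result[0] };
}

// A conformant engine completes both calls without throwing and routes
// every element write through the proxy's own traps.
const fromTrace = traceArrayFrom(['a', 'b']);
const ofTrace = traceArrayOf(1, 2, 3);
console.log(fromTrace.log.join(','), '|', ofTrace.log.join(','));
```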