[v8-dev] Avoid calling overwritten toString methods for internal error (issue6304015)

[ager]

Reviewers: Søren Gjesse,

Description:
Avoid calling overwritten toString methods for internal error
formatting. I missed a couple of places. Extracting the error object
check to a separate function.
Please review this at http://codereview.chromium.org/6304015/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/messages.js
  M test/cctest/test-api.cc


Index: src/messages.js
diff --git a/src/messages.js b/src/messages.js
index  
4a89647577b05b205b62ebc30f65d365d271f1c2..932d64d2eac398298855555827f1643c135221e4  
100644
--- a/src/messages.js
+++ b/src/messages.js
@@ -90,21 +90,28 @@ function FormatString(format, args) {
 }


+// When formatting internally created error messages, do not
+// invoke overwritten error toString methods but explicitly use
+// the error to string method. This is to avoid leaking error
+// objects between script tags in a browser setting.
+function ToStringCheckErrorObject(obj) {
+  if (obj instanceof $Error) {
+    return %_CallFunction(obj, errorToString);
+  } else {
+    return ToString(obj);
+  }
+}
+
+
 function ToDetailString(obj) {
   if (obj != null && IS_OBJECT(obj) && obj.toString ===  
$Object.prototype.toString) {
     var constructor = obj.constructor;
-    if (!constructor) return ToString(obj);
+    if (!constructor) return ToStringCheckErrorObject(obj);
     var constructorName = constructor.name;
-    if (!constructorName) return ToString(obj);
+    if (!constructorName) return ToStringCheckErrorObject(obj);
     return "#<" + GetInstanceName(constructorName) + ">";
-  } else if (obj instanceof $Error) {
-    // When formatting internally created error messages, do not
-    // invoke overwritten error toString methods but explicitly use
-    // the error to string method. This is to avoid leaking error
-    // objects between script tags in a browser setting.
-    return %_CallFunction(obj, errorToString);
   } else {
-    return ToString(obj);
+    return ToStringCheckErrorObject(obj);
   }
 }

Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index  
3bab67e6b24770549acc6d48bc21d0b6540a2731..de00fbba4635a2543775d74ba5e3efa5d8367a43  
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -2379,6 +2379,10 @@ TEST(APIThrowMessageOverwrittenToString) {
   CompileRun("ReferenceError.prototype.toString ="
              "  function() { return 'Whoops' }");
   CompileRun("asdf;");
+  CompileRun("ReferenceError.prototype.constructor.name = void 0;");
+  CompileRun("asdf;");
+  CompileRun("ReferenceError.prototype.constructor = void 0;");
+  CompileRun("asdf;");
   v8::Handle<Value> string = CompileRun("try { asdf; } catch(e) { e + '';  
}");
   CHECK(string->Equals(v8_str("Whoops")));
   v8::V8::RemoveMessageListeners(check_message);


--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev