Reviewers: Mads Ager,
Description:
Added access check to Runtime_GetPrototype.
BUG=93759
Please review this at http://codereview.chromium.org/7701023/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/runtime.cc
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index
fd866bf85b4721713926fa199a8aeaf4d30e97dc..3b9dfcbacd01a492c09b3abbd99ffcd1d969d415
100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -684,6 +684,17 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetPrototype) {
NoHandleAllocation ha;
ASSERT(args.length() == 1);
Object* obj = args[0];
+ if (obj->IsJSGlobalProxy()) {
+ if (obj->IsAccessCheckNeeded() &&
+ !isolate->MayNamedAccess(JSGlobalProxy::cast(obj),
+ isolate->heap()->Proto_symbol(),
+ v8::ACCESS_GET)) {
+ isolate->ReportFailedAccessCheck(JSObject::cast(obj),
v8::ACCESS_GET);
+ return isolate->heap()->null_value();
+ }
+ obj = JSGlobalProxy::cast(obj)->GetPrototype();
+ if (!obj->IsJSObject()) return isolate->heap()->null_value();
+ }
do {
obj = obj->GetPrototype();
} while (obj->IsJSObject() &&
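Review bot: The new access check runs only when the receiver is a JSGlobalProxy, so any other object for which `IsAccessCheckNeeded()` is true, including objects reached by the `do { obj = obj->GetPrototype(); }` walk below, still has its prototype read without `MayNamedAccess` being consulted. Whether such objects can reach this runtime function is not visible from the hunk, but if they can, the check belongs inside the loop so that each object is checked before its prototype is read, as sketched below. The failure path returns `null_value()`, which a caller cannot tell apart from a genuinely null prototype, and it is worth confirming whether the failed-access callback behind `ReportFailedAccessCheck` can leave an exception pending that this return ignores. A short comment saying why the proxy is unwrapped to its prototype before the walk would also help the next reader. The function body and the loop condition continue past the end of the hunk.

```cpp
// … unchanged: NoHandleAllocation, ASSERT, obj = args[0], global-proxy unwrapping …
do {
  // Check every access-checked object on the walk, not only the global proxy.
  if (obj->IsAccessCheckNeeded() &&
      !isolate->MayNamedAccess(JSObject::cast(obj),
                               isolate->heap()->Proto_symbol(),
                               v8::ACCESS_GET)) {
    isolate->ReportFailedAccessCheck(JSObject::cast(obj), v8::ACCESS_GET);
    return isolate->heap()->null_value();
  }
  obj = obj->GetPrototype();
} while (obj->IsJSObject() &&
         // … unchanged: hidden-prototype condition, continues outside the hunk …
```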