Reviewers: Michael Starzinger,
Message:
Michael, PTAL. Jakob this is FYI.
Description:
Harden DefineOrRedefineDataProperty.
Please review this at https://codereview.chromium.org/240973002/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+8, -0 lines):
M src/runtime.cc
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index
67ac754fc3de9bd50ba45a669a71ac6040fc9bb0..07e498f7de0f9b64021249e9d26e821caf832d68
100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -5111,6 +5111,7 @@ RUNTIME_FUNCTION(MaybeObject*,
Runtime_DefineOrRedefineAccessorProperty) {
PropertyAttributes attr = static_cast<PropertyAttributes>(unchecked);
bool fast = obj->HasFastProperties();
+ // DefineAccessor checks access rights.
JSObject::DefineAccessor(obj, name, getter, setter, attr);
RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
if (fast) JSObject::TransformToFastProperties(obj, 0);
@@ -5134,6 +5135,13 @@ RUNTIME_FUNCTION(MaybeObject*,
Runtime_DefineOrRedefineDataProperty) {
RUNTIME_ASSERT((unchecked & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) ==
0);
PropertyAttributes attr = static_cast<PropertyAttributes>(unchecked);
+ // Check access rights if needed.
+ if (js_object->IsAccessCheckNeeded() &&
+ !isolate->MayNamedAccess(js_object, name, v8::ACCESS_SET)) {
+ isolate->ReportFailedAccessCheck(js_object, v8::ACCESS_SET);
+ RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
+ }
+
LookupResult lookup(isolate);
js_object->LocalLookupRealNamedProperty(*name, &lookup);
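Review bot: The new access-check branch in Runtime_DefineOrRedefineDataProperty has no unconditional exit, so a denied ACCESS_SET can still reach `LocalLookupRealNamedProperty` and the definition path below it. `RETURN_FAILURE_IF_SCHEDULED_EXCEPTION` presumably returns only when the failed-access callback scheduled an exception (the macro is not defined in this hunk). If the embedder's callback reports the failure without throwing, the property is still defined on the access-checked object. End the branch with an explicit return after the macro, e.g. `return isolate->heap()->undefined_value();`. A regression test that installs a non-throwing failed-access callback and asserts the property is left unchanged would pin this down. The function body continues outside the hunk.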