author | Anna Henningsen <anna@addaleax.net> | 2020-08-08 00:23:54 +0300 |
---|---|---|
committer | Anna Henningsen <anna@addaleax.net> | 2020-08-10 18:33:14 +0300 |
commit | b8b5e1e5d0bff0103446f92c07cbea73df174e1f (patch) | |
tree | 67ec94e13914313015ec846f6215408548bd76f4 /deps | |
parent | 5b6cd6fa1a0b54393d96ee0b34bd5d9334a9faec (diff) |
deps: V8: cherry-pick e06ace6b5cdb
Original commit message:
[api] Fix empty Maybe crash in GetRealNamedPropertyAttributes
`Object::GetRealNamedPropertyAttributes()` can crash if an empty
`Maybe` is returned by `JSReceiver::GetPropertyAttributes()` because
it was not checking for that. Fix that.
Refs: https://github.com/nodejs/node/issues/34606
Change-Id: Ic83f904ba7134786bcd8f786eb2ce98adb4fea1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335057
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69258}
Refs: https://github.com/v8/v8/commit/e06ace6b5cdb64b6abfe8e1229f2159b7a38b4e7
PR-URL: https://github.com/nodejs/node/pull/34673
Fixes: https://github.com/nodejs/node/issues/34606
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'deps')
-rw-r--r-- | deps/v8/src/api/api.cc | 12 | ||||
-rw-r--r-- | deps/v8/test/cctest/test-api.cc | 42 |
2 files changed, 49 insertions, 5 deletions
diff --git a/deps/v8/src/api/api.cc b/deps/v8/src/api/api.cc
index 93780bceec4..0097683120a 100644
--- a/deps/v8/src/api/api.cc
+++ b/deps/v8/src/api/api.cc
@@ -4653,9 +4653,9 @@ Maybe<PropertyAttribute>
 v8::Object::GetRealNamedPropertyAttributesInPrototypeChain(
 Local<Context> context, Local<Name> key) {
 auto isolate = reinterpret_cast<i::Isolate*>(context->GetIsolate());
- ENTER_V8_NO_SCRIPT(isolate, context, Object,
- GetRealNamedPropertyAttributesInPrototypeChain,
- Nothing<PropertyAttribute>(), i::HandleScope);
+ ENTER_V8(isolate, context, Object,
+ GetRealNamedPropertyAttributesInPrototypeChain,
+ Nothing<PropertyAttribute>(), i::HandleScope);
 i::Handle<i::JSReceiver> self = Utils::OpenHandle(this);
 if (!self->IsJSObject()) return Nothing<PropertyAttribute>();
 i::Handle<i::Name> key_obj = Utils::OpenHandle(*key);
@@ -4668,6 +4668,7 @@ v8::Object::GetRealNamedPropertyAttributesInPrototypeChain(
 i::LookupIterator::PROTOTYPE_CHAIN_SKIP_INTERCEPTOR);
 Maybe<i::PropertyAttributes> result =
 i::JSReceiver::GetPropertyAttributes(&it);
+ has_pending_exception = result.IsNothing();
 RETURN_ON_FAILED_EXECUTION_PRIMITIVE(PropertyAttribute);
 if (!it.IsFound()) return Nothing<PropertyAttribute>();
 if (result.FromJust() == i::ABSENT) return Just(None);
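Review bot: With the switch to `ENTER_V8` in GetRealNamedPropertyAttributesInPrototypeChain, an empty `Maybe` has two meanings that nothing in the function spells out: the lookup threw (a Proxy trap ran and left an exception pending), or the property was not found / the receiver is not a JSObject. I would add a comment above the macro such as `// May run script via Proxy traps: Nothing + pending exception means the lookup threw; Nothing alone means not found.` and mirror it on the public declaration, which is not part of this diff. Embedders that treated this call as script-free (presumably what `ENTER_V8_NO_SCRIPT` implied) need to know that script-controlled Proxy traps can run inside it and should wrap the call in a `TryCatch`. The same applies to GetRealNamedPropertyAttributes in the later hunk; the function body continues outside this hunk.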
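Review bot: The `result.FromJust()` two lines below the new assignment is safe only because `RETURN_ON_FAILED_EXECUTION_PRIMITIVE` returns first when `result` is empty, and that ordering dependency is easy to lose in a later refactor. A one-line comment on the assignment would pin it: `// Empty Maybe means the lookup threw; bail out before FromJust() below.` The identical pair of lines in GetRealNamedPropertyAttributes (next hunk) wants the same comment. This hunk starts mid-function, so the LookupIterator setup is only partly visible.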
@@ -4692,14 +4693,15 @@ MaybeLocal<Value> v8::Object::GetRealNamedProperty(Local<Context> context,
 Maybe<PropertyAttribute> v8::Object::GetRealNamedPropertyAttributes(
 Local<Context> context, Local<Name> key) {
 auto isolate = reinterpret_cast<i::Isolate*>(context->GetIsolate());
- ENTER_V8_NO_SCRIPT(isolate, context, Object, GetRealNamedPropertyAttributes,
- Nothing<PropertyAttribute>(), i::HandleScope);
+ ENTER_V8(isolate, context, Object, GetRealNamedPropertyAttributes,
+ Nothing<PropertyAttribute>(), i::HandleScope);
 i::Handle<i::JSReceiver> self = Utils::OpenHandle(this);
 i::Handle<i::Name> key_obj = Utils::OpenHandle(*key);
 i::LookupIterator::Key lookup_key(isolate, key_obj);
 i::LookupIterator it(isolate, self, lookup_key, self,
 i::LookupIterator::PROTOTYPE_CHAIN_SKIP_INTERCEPTOR);
 auto result = i::JSReceiver::GetPropertyAttributes(&it);
+ has_pending_exception = result.IsNothing();
 RETURN_ON_FAILED_EXECUTION_PRIMITIVE(PropertyAttribute);
 if (!it.IsFound()) return Nothing<PropertyAttribute>();
 if (result.FromJust() == i::ABSENT) {
diff --git a/deps/v8/test/cctest/test-api.cc b/deps/v8/test/cctest/test-api.cc
index 151076296b4..18f7738033f 100644
--- a/deps/v8/test/cctest/test-api.cc
+++ b/deps/v8/test/cctest/test-api.cc
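Review bot: In GetRealNamedPropertyAttributes, `auto result` hides that the value is a `Maybe<i::PropertyAttributes>`, which is exactly the type the new `result.IsNothing()` check depends on; the sibling GetRealNamedPropertyAttributesInPrototypeChain spells the type out. For consistency and readability I would write `Maybe<i::PropertyAttributes> result = i::JSReceiver::GetPropertyAttributes(&it);` here as well. The function's remaining branches fall outside the hunk.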
@@ -11959,6 +11959,48 @@ THREADED_TEST(VariousGetPropertiesAndThrowingCallbacks) {
 CHECK(result.IsEmpty());
 }
 
+THREADED_TEST(GetRealNamedPropertyAttributes_With_Proxy) {
+ LocalContext context;
+ HandleScope scope(context->GetIsolate());
+
+ {
+ Local<Object> proxy =
+ CompileRun(
+ "new Proxy({ p: 1 }, { getOwnPropertyDescriptor: _ => { "
+ " throw new Error('xyz'); } });")
+ .As<Object>();
+ TryCatch try_catch(context->GetIsolate());
+ v8::Maybe<v8::PropertyAttribute> result =
+ proxy->GetRealNamedPropertyAttributes(context.local(), v8_str("p"));
+ CHECK(result.IsNothing());
+ CHECK(try_catch.HasCaught());
+ CHECK(try_catch.Exception()
+ .As<Object>()
+ ->Get(context.local(), v8_str("message"))
+ .ToLocalChecked()
+ ->StrictEquals(v8_str("xyz")));
+ }
+
+ {
+ Local<Object> proxy =
+ CompileRun(
+ "Object.create("
+ " new Proxy({ p: 1 }, { getOwnPropertyDescriptor: _ => { "
+ " throw new Error('abc'); } }))")
+ .As<Object>();
+ TryCatch try_catch(context->GetIsolate());
+ v8::Maybe<v8::PropertyAttribute> result =
+ proxy->GetRealNamedPropertyAttributesInPrototypeChain(context.local(),
+ v8_str("p"));
+ CHECK(result.IsNothing());
+ CHECK(try_catch.HasCaught());
+ CHECK(try_catch.Exception()
+ .As<Object>()
+ ->Get(context.local(), v8_str("message"))
+ .ToLocalChecked()
+ ->StrictEquals(v8_str("abc")));
+ }
+}
 
 static void ThrowingCallbackWithTryCatch(
 const v8::FunctionCallbackInfo<v8::Value>& args) { |
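Review bot: Both blocks of GetRealNamedPropertyAttributes_With_Proxy exercise only the throwing path, so the test does not pin the other meaning of an empty `Maybe`: property not found with no exception pending. A third block that queries a missing key on a plain object and asserts `CHECK(result.IsNothing());` followed by `CHECK(!try_catch.HasCaught());` would keep the two cases distinguishable for embedders that rely on `TryCatch` to tell them apart. As a naming nit, `proxy` in the second block is an ordinary object whose prototype is the Proxy, so a name like `obj` would read more accurately.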