AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Add more checks for native callback results.

Browse Source 
R=svenpanne@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/10928083

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
yangguo@chromium.org 2012-09-10 13:38:21 +00:00
parent f6cd2403e3
commit 266cca47fc
6 changed files with 53 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/builtins.cc
View File

@ -1149,6 +1149,7 @@ MUST_USE_RESULT static MaybeObject* HandleApiCallHelper(
result = heap->undefined_value();
} else {
result = *reinterpret_cast<Object**>(*value);
result->VerifyApiCallResultType();
}
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
@ -1225,6 +1226,7 @@ MUST_USE_RESULT static MaybeObject* HandleApiCallAsFunctionOrConstructor(
result = heap->undefined_value();
} else {
result = *reinterpret_cast<Object**>(*value);
result->VerifyApiCallResultType();
}
}
// Check for exceptions and return result.

6
src/handles.cc
View File

@ -561,6 +561,9 @@ v8::Handle<v8::Array> GetKeysForNamedInterceptor(Handle<JSReceiver> receiver,
result = enum_fun(info);
}
}
#if ENABLE_EXTRA_CHECKS
CHECK(result.IsEmpty() || v8::Utils::OpenHandle(*result)->IsJSObject());
#endif
return result;
}
@ -581,6 +584,9 @@ v8::Handle<v8::Array> GetKeysForIndexedInterceptor(Handle<JSReceiver> receiver,
// Leaving JavaScript.
VMState state(isolate, EXTERNAL);
result = enum_fun(info);
#if ENABLE_EXTRA_CHECKS
CHECK(result.IsEmpty() || v8::Utils::OpenHandle(*result)->IsJSObject());
#endif
}
}
return result;

17
src/objects-inl.h
View File

@ -1664,6 +1664,23 @@ bool Object::IsStringObjectWithCharacterAt(uint32_t index) {
}
void Object::VerifyApiCallResultType() {
#if ENABLE_EXTRA_CHECKS
if (!(IsSmi() ||
IsString() ||
IsSpecObject() ||
IsHeapNumber() ||
IsUndefined() ||
IsTrue() ||
IsFalse() ||
IsNull())) {
FATAL("API call returned invalid object");
}
#endif // ENABLE_EXTRA_CHECKS
}
FixedArrayBase* FixedArrayBase::cast(Object* object) {
ASSERT(object->IsFixedArray() || object->IsFixedDoubleArray());
return reinterpret_cast<FixedArrayBase*>(object);

35
src/objects.cc
View File

@ -211,18 +211,7 @@ MaybeObject* JSObject::GetPropertyWithCallback(Object* receiver,
return isolate->heap()->undefined_value();
}
Object* return_value = *v8::Utils::OpenHandle(*result);
#if ENABLE_EXTRA_CHECKS
if (!(return_value->IsSmi() ||
return_value->IsString() ||
return_value->IsSpecObject() ||
return_value->IsHeapNumber() ||
return_value->IsUndefined() ||
return_value->IsTrue() ||
return_value->IsFalse() ||
return_value->IsNull())) {
FATAL("API call returned invalid object");
}
#endif
return_value->VerifyApiCallResultType();
return return_value;
}
@ -3805,7 +3794,9 @@ MaybeObject* JSObject::DeletePropertyWithInterceptor(String* name) {
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
if (!result.IsEmpty()) {
ASSERT(result->IsBoolean());
return *v8::Utils::OpenHandle(*result);
Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
result_internal->VerifyApiCallResultType();
return *result_internal;
}
}
MaybeObject* raw_result =
@ -3840,7 +3831,9 @@ MaybeObject* JSObject::DeleteElementWithInterceptor(uint32_t index) {
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
if (!result.IsEmpty()) {
ASSERT(result->IsBoolean());
return *v8::Utils::OpenHandle(*result);
Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
result_internal->VerifyApiCallResultType();
return *result_internal;
}
MaybeObject* raw_result = this_handle->GetElementsAccessor()->Delete(
*this_handle,
@ -9133,7 +9126,9 @@ MaybeObject* JSObject::GetElementWithCallback(Object* receiver,
}
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
if (result.IsEmpty()) return isolate->heap()->undefined_value();
return *v8::Utils::OpenHandle(*result);
Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
result_internal->VerifyApiCallResultType();
return *result_internal;
}
// __defineGetter__ callback
@ -9952,7 +9947,11 @@ MaybeObject* JSObject::GetElementWithInterceptor(Object* receiver,
result = getter(index, info);
}
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
if (!result.IsEmpty()) return *v8::Utils::OpenHandle(*result);
if (!result.IsEmpty()) {
Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
result_internal->VerifyApiCallResultType();
return *result_internal;
}
}
Heap* heap = holder_handle->GetHeap();
@ -10254,7 +10253,9 @@ MaybeObject* JSObject::GetPropertyWithInterceptor(
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
if (!result.IsEmpty()) {
*attributes = NONE;
return *v8::Utils::OpenHandle(*result);
Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
result_internal->VerifyApiCallResultType();
return *result_internal;
}
}

2
src/objects.h
View File

@ -970,6 +970,8 @@ class Object : public MaybeObject {
static void VerifyPointer(Object* p);
#endif
inline void VerifyApiCallResultType();
// Prints this object without details.
inline void ShortPrint() {
ShortPrint(stdout);

10
src/stub-cache.cc
View File

@ -1005,7 +1005,9 @@ RUNTIME_FUNCTION(MaybeObject*, LoadCallbackProperty) {
}
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
if (result.IsEmpty()) return HEAP->undefined_value();
return *v8::Utils::OpenHandle(*result);
Handle<Object> result_internal = v8::Utils::OpenHandle(*result);
result_internal->VerifyApiCallResultType();
return *result_internal;
}
@ -1070,6 +1072,8 @@ RUNTIME_FUNCTION(MaybeObject*, LoadPropertyWithInterceptorOnly) {
}
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
if (!r.IsEmpty()) {
Handle<Object> result = v8::Utils::OpenHandle(*r);
result->VerifyApiCallResultType();
return *v8::Utils::OpenHandle(*r);
}
}
@ -1126,7 +1130,9 @@ static MaybeObject* LoadWithInterceptor(Arguments* args,
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
if (!r.IsEmpty()) {
*attrs = NONE;
return *v8::Utils::OpenHandle(*r);
Handle<Object> result = v8::Utils::OpenHandle(*r);
result->VerifyApiCallResultType();
return *result;
}
}