diff --git a/src/d8.gyp b/src/d8.gyp index 98ec04fc86..0e51baaaca 100644 --- a/src/d8.gyp +++ b/src/d8.gyp @@ -31,7 +31,7 @@ 'console%': '', # Enable support for Intel VTune. Supported on ia32/x64 only 'v8_enable_vtunejit%': 0, - 'v8_enable_i18n_support%': 0, + 'v8_enable_i18n_support%': 1, 'v8_toolset_for_d8%': 'target', }, 'includes': ['../build/toolchain.gypi', '../build/features.gypi'], diff --git a/src/handles.cc b/src/handles.cc index 830eb09602..47bab25d4e 100644 --- a/src/handles.cc +++ b/src/handles.cc @@ -537,10 +537,10 @@ Handle GetKeysInFixedArrayFor(Handle object, // Check access rights if required. if (current->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*current, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*current, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(current, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(current, v8::ACCESS_KEYS); if (isolate->has_scheduled_exception()) { isolate->PromoteScheduledException(); *threw = true; diff --git a/src/isolate.h b/src/isolate.h index 897197bc75..5dd0998731 100644 --- a/src/isolate.h +++ b/src/isolate.h @@ -741,6 +741,10 @@ class Isolate { v8::AccessType type) { return MayIndexedAccess(*receiver, index, type); } + void ReportFailedAccessCheckWrapper(Handle receiver, + v8::AccessType type) { + ReportFailedAccessCheck(*receiver, type); + } bool MayNamedAccess(JSObject* receiver, Object* key, diff --git a/src/objects.cc b/src/objects.cc index 32b1d2c6a3..fc12cf96b3 100644 --- a/src/objects.cc +++ b/src/objects.cc @@ -615,7 +615,7 @@ Handle JSObject::GetPropertyWithFailedAccessCheck( // No accessible property found. *attributes = ABSENT; - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_GET); + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_GET); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->undefined_value(); } 
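Review bot: The flip of `'v8_enable_i18n_support%'` from 0 to 1 in src/d8.gyp looks unrelated to the rest of this commit, which otherwise only moves access-check call sites onto the handle-taking wrappers. It changes the default feature set of every d8 build that includes this file, so it should either be dropped from this change or land separately with its own description. If it is intentional, a comment beside it such as `# i18n is on by default; override with -Dv8_enable_i18n_support=0` would record the reason for the new default.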
@@ -3381,6 +3381,7 @@ MaybeObject* Map::AsElementsKind(ElementsKind kind) { void JSObject::LocalLookupRealNamedProperty(Name* name, LookupResult* result) { + DisallowHeapAllocation no_gc; if (IsJSGlobalProxy()) { Object* proto = GetPrototype(); if (proto->IsNull()) return result->NotFound(); @@ -3516,7 +3517,7 @@ Handle JSObject::SetPropertyWithFailedAccessCheck( } Isolate* isolate = object->GetIsolate(); - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET); + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return value; } @@ -4046,7 +4047,7 @@ Handle JSObject::SetPropertyForResult(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) { + if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { return SetPropertyWithFailedAccessCheck(object, lookup, name, value, true, strict_mode); } @@ -4180,7 +4181,7 @@ Handle JSObject::SetLocalPropertyIgnoreAttributes( // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) { + if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { return SetPropertyWithFailedAccessCheck(object, &lookup, name, value, false, kNonStrictMode); } @@ -5164,8 +5165,8 @@ Handle JSObject::DeleteElement(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayIndexedAccess(*object, index, v8::ACCESS_DELETE)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_DELETE); + !isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_DELETE)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return factory->false_value(); } 
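Review bot: The new `DisallowHeapAllocation no_gc;` at the top of `JSObject::LocalLookupRealNamedProperty` has no comment saying what it protects. The function works on raw `this`, a raw `Name*` and a raw-pointer `LookupResult`, and a line such as `// Raw |this|, |name| and |result| are live for the whole body; nothing below may allocate.` would make that contract explicit. As far as I know this scope is only enforced in debug builds, so it documents and tests the invariant but does not guarantee it in release. The rest of the function body lies outside the hunk, so I could not check that every path under the scope is allocation-free.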
@@ -5228,8 +5229,8 @@ Handle JSObject::DeleteProperty(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, *name, v8::ACCESS_DELETE)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_DELETE); + !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_DELETE)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->false_value(); } @@ -5458,10 +5459,10 @@ Handle JSObject::PreventExtensions(Handle object) { if (!object->map()->is_extensible()) return object; if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(object, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->false_value(); } @@ -5538,10 +5539,10 @@ Handle JSObject::Freeze(Handle object) { Isolate* isolate = object->GetIsolate(); if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(object, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->false_value(); } 
@@ -6201,9 +6202,10 @@ void JSObject::DefinePropertyAccessor(Handle object, } -bool JSObject::CanSetCallback(Name* name) { - ASSERT(!IsAccessCheckNeeded() || - GetIsolate()->MayNamedAccess(this, name, v8::ACCESS_SET)); +bool JSObject::CanSetCallback(Handle object, Handle name) { + Isolate* isolate = object->GetIsolate(); + ASSERT(!object->IsAccessCheckNeeded() || + isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)); // Check if there is an API defined callback object which prohibits // callback overwriting in this object or its prototype chain. @@ -6211,15 +6213,15 @@ bool JSObject::CanSetCallback(Name* name) { // certain accessors such as window.location should not be allowed // to be overwritten because allowing overwriting could potentially // cause security problems. - LookupResult callback_result(GetIsolate()); - LookupCallbackProperty(name, &callback_result); + LookupResult callback_result(isolate); + object->LookupCallbackProperty(*name, &callback_result); if (callback_result.IsFound()) { - Object* obj = callback_result.GetCallbackObject(); - if (obj->IsAccessorInfo()) { - return !AccessorInfo::cast(obj)->prohibits_overwriting(); + Object* callback_obj = callback_result.GetCallbackObject(); + if (callback_obj->IsAccessorInfo()) { + return !AccessorInfo::cast(callback_obj)->prohibits_overwriting(); } - if (obj->IsAccessorPair()) { - return !AccessorPair::cast(obj)->prohibits_overwriting(); + if (callback_obj->IsAccessorPair()) { + return !AccessorPair::cast(callback_obj)->prohibits_overwriting(); } } return true; 
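Review bot: The access check in the new static `JSObject::CanSetCallback` still exists only inside `ASSERT(...)`, so release builds depend entirely on each caller having passed `MayNamedAccessWrapper(object, name, v8::ACCESS_SET)` first. The two callers visible in this diff, DefineAccessor and SetAccessor, do that. A static function taking handles is easier to call from new places, and the code comment already says this function guards accessors such as window.location. I would state the precondition at the declaration and the definition, for example `// Precondition: the caller has already passed the ACCESS_SET check for |name|; this is only asserted in debug builds.` Note also that the embedder's access-check callback runs here in debug builds only, so debug and release differ in their side effects at this point.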
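Review bot: In the second CanSetCallback hunk, the body goes back to raw pointers right after taking handles: `object->LookupCallbackProperty(*name, &callback_result)` and the raw `Object* callback_obj` read from the result. Nothing marks that region as allocation-free. The commit adds `DisallowHeapAllocation no_gc;` to LocalLookupRealNamedProperty for the same reason, and the same line placed directly after the `ASSERT` here would pin the invariant. It must come after the `ASSERT`, since the access check inside it may call out. This assumes LookupCallbackProperty itself never allocates, which is not visible in the hunk.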
@@ -6326,8 +6328,8 @@ void JSObject::DefineAccessor(Handle object, Isolate* isolate = object->GetIsolate(); // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET); + !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); return; } @@ -6351,7 +6353,7 @@ void JSObject::DefineAccessor(Handle object, // Try to flatten before operating on the string. if (name->IsString()) String::cast(*name)->TryFlatten(); - if (!object->CanSetCallback(*name)) return; + if (!JSObject::CanSetCallback(object, name)) return; uint32_t index = 0; bool is_element = name->AsArrayIndex(&index); @@ -6518,8 +6520,8 @@ Handle JSObject::SetAccessor(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET); + !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return factory->undefined_value(); } @@ -6538,7 +6540,9 @@ Handle JSObject::SetAccessor(Handle object, // Try to flatten before operating on the string. if (name->IsString()) FlattenString(Handle::cast(name)); - if (!object->CanSetCallback(*name)) return factory->undefined_value(); + if (!JSObject::CanSetCallback(object, name)) { + return factory->undefined_value(); + } uint32_t index = 0; bool is_element = name->AsArrayIndex(&index); 
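Review bot: In `JSObject::DefineAccessor`, the failed-access path calls `ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET)` and then does a plain `return;`. The handle-returning siblings touched by this commit (SetAccessor, GetAccessor, DeleteProperty, DeleteElement) go through `RETURN_HANDLE_IF_SCHEDULED_EXCEPTION` instead. The same pattern appears in HasRealNamedProperty, HasRealElementProperty and HasRealNamedCallbackProperty further down, which return `false` directly. If the failed-access callback can schedule an exception, it stays scheduled after these functions return, and whether their callers promote it is not visible in the diff. If that is intended, a comment at each site would say so, for example `// Any exception scheduled by the callback is left for the caller to promote.`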
@@ -6602,8 +6606,8 @@ Handle JSObject::GetAccessor(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, *name, v8::ACCESS_HAS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS); + !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_HAS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->undefined_value(); } @@ -12514,8 +12518,8 @@ Handle JSObject::SetElement(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayIndexedAccess(*object, index, v8::ACCESS_SET)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET); + if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_SET)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return value; } @@ -13343,8 +13347,8 @@ bool JSObject::HasRealNamedProperty(Handle object, SealHandleScope shs(isolate); // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS); + if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); return false; } } @@ -13360,8 +13364,8 @@ bool JSObject::HasRealElementProperty(Handle object, uint32_t index) { SealHandleScope shs(isolate); // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayIndexedAccess(*object, index, v8::ACCESS_HAS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS); + if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); return false; } } 
@@ -13385,8 +13389,8 @@ bool JSObject::HasRealNamedCallbackProperty(Handle object, SealHandleScope shs(isolate); // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS); + if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); return false; } } diff --git a/src/objects.h b/src/objects.h index 32741572b3..089d11dd0b 100644 --- a/src/objects.h +++ b/src/objects.h @@ -2923,7 +2923,7 @@ class JSObject: public JSReceiver { // Gets the current elements capacity and the number of used elements. void GetElementsCapacityAndUsage(int* capacity, int* used); - bool CanSetCallback(Name* name); + static bool CanSetCallback(Handle object, Handle name); static void SetElementCallback(Handle object, uint32_t index, Handle structure, diff --git a/src/runtime.cc b/src/runtime.cc index c49d24522d..2b94158db7 100644 --- a/src/runtime.cc +++ b/src/runtime.cc @@ -1621,7 +1621,8 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetPrototype) { !isolate->MayNamedAccessWrapper(Handle::cast(obj), isolate->factory()->proto_string(), v8::ACCESS_GET)) { - isolate->ReportFailedAccessCheck(JSObject::cast(*obj), v8::ACCESS_GET); + isolate->ReportFailedAccessCheckWrapper(Handle::cast(obj), + v8::ACCESS_GET); RETURN_IF_SCHEDULED_EXCEPTION(isolate); return isolate->heap()->undefined_value(); } @@ -1747,7 +1748,7 @@ static AccessCheckResult CheckPropertyAccess(Handle obj, return ACCESS_ALLOWED; } - obj->GetIsolate()->ReportFailedAccessCheck(*obj, access_type); + obj->GetIsolate()->ReportFailedAccessCheckWrapper(obj, access_type); return ACCESS_FORBIDDEN; } @@ -1786,7 +1787,7 @@ static AccessCheckResult CheckPropertyAccess(Handle obj, break; } - isolate->ReportFailedAccessCheck(*obj, access_type); + isolate->ReportFailedAccessCheckWrapper(obj, access_type); return ACCESS_FORBIDDEN; } 
@@ -5743,10 +5744,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) { if (obj->IsJSGlobalProxy()) { // Only collect names if access is permitted. if (obj->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*obj, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*obj, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(obj, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(obj, v8::ACCESS_KEYS); RETURN_IF_SCHEDULED_EXCEPTION(isolate); return *isolate->factory()->NewJSArray(0); } @@ -5763,10 +5764,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) { for (int i = 0; i < length; i++) { // Only collect names if access is permitted. if (jsproto->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*jsproto, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*jsproto, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(jsproto, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(jsproto, v8::ACCESS_KEYS); RETURN_IF_SCHEDULED_EXCEPTION(isolate); return *isolate->factory()->NewJSArray(0); } @@ -5914,9 +5915,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_LocalKeys) { if (object->IsJSGlobalProxy()) { // Do access checks before going to the global object. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(object, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS); RETURN_IF_SCHEDULED_EXCEPTION(isolate); return *isolate->factory()->NewJSArray(0); } 
@@ -14718,8 +14720,9 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_IsAccessAllowedForObserver) { Handle key = args.at(2); SaveContext save(isolate); isolate->set_context(observer->context()); - if (!isolate->MayNamedAccess(*object, isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { + if (!isolate->MayNamedAccessWrapper(object, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { return isolate->heap()->false_value(); } bool access_allowed = false; @@ -14727,11 +14730,12 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_IsAccessAllowedForObserver) { if (key->ToArrayIndex(&index) || (key->IsString() && String::cast(*key)->AsArrayIndex(&index))) { access_allowed = - isolate->MayIndexedAccess(*object, index, v8::ACCESS_GET) && - isolate->MayIndexedAccess(*object, index, v8::ACCESS_HAS); + isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_GET) && + isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS); } else { - access_allowed = isolate->MayNamedAccess(*object, *key, v8::ACCESS_GET) && - isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS); + access_allowed = + isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_GET) && + isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS); } return isolate->heap()->ToBoolean(access_allowed); }
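Review bot: `Runtime_IsAccessAllowedForObserver` denies silently, unlike every other site this commit touches. When `MayNamedAccessWrapper(object, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)` fails it returns `false_value()` with no `ReportFailedAccessCheckWrapper` call, and the indexed and named GET/HAS checks in the next hunk do the same. That may be deliberate for a pure predicate evaluated in the observer's context, but it means the embedder never sees a cross-context denial on this path. A comment such as `// Predicate only: denials are intentionally not reported to the embedder.` would record the decision. The start of the function is outside the hunk, so I cannot tell whether `object->IsAccessCheckNeeded()` is tested beforehand.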