AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Fix d8.test.verifySourcePositions

Browse Source 
Add check, that passed argument is a HeapObject.

Bug: chromium:1196503
Change-Id: I23d951b5581781ad3c6867d81c765d13c329d3a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808936
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73820}
This commit is contained in:
Patrick Thier 2021-04-07 07:39:58 +00:00 committed by Commit Bot
parent 6fda802284
commit 59807ec552
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/d8/d8.cc
View File

@ -1815,19 +1815,21 @@ void Shell::TestVerifySourcePositions(
const v8::FunctionCallbackInfo<v8::Value>& args) {
Isolate* isolate = args.GetIsolate();
// Check if the argument is a valid function.
if (args.Length() != 1 ||
!i::Handle<i::HeapObject>::cast(Utils::OpenHandle(*args[0]))
->IsJSFunctionOrBoundFunction()) {
if (args.Length() != 1) {
Throw(isolate, "Expected function as single argument.");
return;
}
auto arg_handle = Utils::OpenHandle(*args[0]);
if (!arg_handle->IsHeapObject() || !i::Handle<i::HeapObject>::cast(arg_handle)
->IsJSFunctionOrBoundFunction()) {
Throw(isolate, "Expected function as single argument.");
return;
}
Local<Value> arg_fun = args[0];
i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
HandleScope handle_scope(isolate);
auto callable = i::Handle<i::JSFunctionOrBoundFunction>::cast(
Utils::OpenHandle(*arg_fun));
auto callable = i::Handle<i::JSFunctionOrBoundFunction>::cast(arg_handle);
while (callable->IsJSBoundFunction()) {
auto bound_function = i::Handle<i::JSBoundFunction>::cast(callable);
auto bound_target = bound_function->bound_target_function();

2
test/mjsunit/baseline/verify-bytecode-offsets.js
View File

@ -31,5 +31,7 @@ foo(obj, obj);
d8.test.verifySourcePositions(foo);
// Make sure invalid calls throw.
assertThrows(() => {d8.test.verifySourcePositions(0)});
assertThrows(() => {d8.test.verifySourcePositions(obj)});
assertThrows(() => {d8.test.verifySourcePositions(new Proxy(foo, {}))});
assertThrows(() => {d8.test.verifySourcePositions(%GetUndetectable())});