[foozzie] Suppress .caller access with correctness fuzzing

Bug: chromium:1042556, chromium:1186279
Change-Id: I77e9967891efad4ce151e231f7f6461be2922ba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802291
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73798}
Michael Achenbach 2021-04-02 11:05:59 +02:00 committed by Commit Bot
parent 1f5da7a7af
commit b19385f555
2 changed files with 11 additions and 1 deletions


@ -701,7 +701,8 @@ void Accessors::FunctionCallerGetter(
MaybeHandle<JSFunction> maybe_caller; MaybeHandle<JSFunction> maybe_caller;
maybe_caller = FindCaller(isolate, function); maybe_caller = FindCaller(isolate, function);
Handle<JSFunction> caller; Handle<JSFunction> caller;
if (maybe_caller.ToHandle(&caller)) { // We don't support caller access with correctness fuzzing.
if (!FLAG_correctness_fuzzer_suppressions && maybe_caller.ToHandle(&caller)) {
result = caller; result = caller;
} else { } else {
result = isolate->factory()->null_value(); result = isolate->factory()->null_value();
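Review bot: The flag is tested only after FindCaller has already walked the stack, so under correctness fuzzing the getter still does the full caller lookup and then discards it; gating the lookup itself is cheaper and makes the suppression read as a single decision: `if (!FLAG_correctness_fuzzer_suppressions) maybe_caller = FindCaller(isolate, function);` followed by the original `if (maybe_caller.ToHandle(&caller)) {`, which yields null for the empty MaybeHandle exactly as the new condition does (assuming FindCaller has no side effects the caller relies on). The added comment states what is suppressed but not why; readers unfamiliar with foozzie will benefit from `// Correctness fuzzing compares configurations whose call stacks may differ, so .caller is always null here.`, if that is indeed the motivation. FunctionCallerGetter begins and ends outside this hunk.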


@ -119,3 +119,12 @@ assertEquals(unoptimized, callPow(6996));
let then_called = false; let then_called = false;
Atomics.waitAsync().value.then(() => {then_called = true;}); Atomics.waitAsync().value.then(() => {then_called = true;});
assertEquals(true, then_called); assertEquals(true, then_called);
// Test .caller access is neutered.
function callee() {
assertEquals(null, callee.caller);
}
function caller() {
callee();
}
caller();
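Review bot: The new assertion `assertEquals(null, callee.caller)` only holds when the runtime is started with the suppressions flag, yet nothing in the added lines says so; presumably the file's flags header above the hunk supplies `--correctness-fuzzer-suppressions`, and the comment should make that dependency explicit, e.g. `// Test .caller access is neutered under --correctness-fuzzer-suppressions (expected: null instead of the real caller).`. Note also that `callee` is a sloppy-mode function, which is what makes `.caller` readable at all; a strict-mode function would throw on access rather than return null, so the test should keep these functions sloppy or say why. The rest of the test file is outside this hunk.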