[foozzie] Suppress .caller access with correctness fuzzing
Bug: chromium:1042556, chromium:1186279 Change-Id: I77e9967891efad4ce151e231f7f6461be2922ba7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802291 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Auto-Submit: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73798}
This commit is contained in:
parent
1f5da7a7af
commit
b19385f555
@ -701,7 +701,8 @@ void Accessors::FunctionCallerGetter(
|
|||||||
MaybeHandle<JSFunction> maybe_caller;
|
MaybeHandle<JSFunction> maybe_caller;
|
||||||
maybe_caller = FindCaller(isolate, function);
|
maybe_caller = FindCaller(isolate, function);
|
||||||
Handle<JSFunction> caller;
|
Handle<JSFunction> caller;
|
||||||
if (maybe_caller.ToHandle(&caller)) {
|
// We don't support caller access with correctness fuzzing.
|
||||||
|
if (!FLAG_correctness_fuzzer_suppressions && maybe_caller.ToHandle(&caller)) {
|
||||||
result = caller;
|
result = caller;
|
||||||
} else {
|
} else {
|
||||||
result = isolate->factory()->null_value();
|
result = isolate->factory()->null_value();
|
||||||
|
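Review bot: The new guard `if (!FLAG_correctness_fuzzer_suppressions && maybe_caller.ToHandle(&caller))` is evaluated after `maybe_caller = FindCaller(isolate, function);` has already walked the stack, so under the suppression the caller lookup is performed and then thrown away; folding the call into the guard, `if (!FLAG_correctness_fuzzer_suppressions && FindCaller(isolate, function).ToHandle(&caller)) {`, short-circuits before the walk and drops the `maybe_caller` temporary. The added comment says caller access is unsupported but not why; presumably the observable caller depends on the execution tier (inlining, frame layout) and would show up as spurious mismatches in differential fuzzing, and that reason belongs next to the check, e.g. `// Correctness fuzzing compares execution tiers and the visible caller depends on the tier, so always report null under FLAG_correctness_fuzzer_suppressions.` Since the flag is only set for fuzzing runs, production `.caller` semantics are unchanged by this hunk, which is worth stating given `.caller` is a well-known information channel. `Accessors::FunctionCallerGetter` begins before this hunk and continues after it.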
@ -119,3 +119,12 @@ assertEquals(unoptimized, callPow(6996));
|
|||||||
let then_called = false;
|
let then_called = false;
|
||||||
Atomics.waitAsync().value.then(() => {then_called = true;});
|
Atomics.waitAsync().value.then(() => {then_called = true;});
|
||||||
assertEquals(true, then_called);
|
assertEquals(true, then_called);
|
||||||
|
|
||||||
|
// Test .caller access is neutered.
|
||||||
|
function callee() {
|
||||||
|
assertEquals(null, callee.caller);
|
||||||
|
}
|
||||||
|
function caller() {
|
||||||
|
callee();
|
||||||
|
}
|
||||||
|
caller();
|
||||||
|
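Review bot: The helper `function caller()` shares its name with the `.caller` property being tested, so `assertEquals(null, callee.caller)` inside `callee()` is easy to misread; renaming it, e.g. `function invokeCallee() { callee(); }` and `invokeCallee();`, removes the ambiguity. The comment `// Test .caller access is neutered.` should also record that the null result depends on the suppression flag being active for this file (presumably via a `// Flags:` header outside this hunk), because for sloppy-mode functions like these `callee.caller` would otherwise be the calling function: `// Under FLAG_correctness_fuzzer_suppressions .caller is always null (see Accessors::FunctionCallerGetter); without the flag this would return the calling function.` Only the suppressed expectation is covered here, so a regression in the unsuppressed path would not be caught by this test, which is acceptable for a fuzzer-configuration test but worth noting in the comment.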