ExecutableAccessorInfo::clear_setter should set a null foreign pointer

R=jkummerow@chromium.org BUG=433458 LOG=N Review URL: https://codereview.chromium.org/759683004 Cr-Commit-Position: refs/heads/master@{#25737}
2014-12-10 02:18:00 -08:00 · 2014-12-10 02:18:00 -08:00 · ea11ffc65b
commit ea11ffc65b
parent aae665862f
2 changed files with 30 additions and 1 deletions
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@ -7022,7 +7022,9 @@ bool AccessorInfo::IsCompatibleReceiver(Object* receiver) {


 void ExecutableAccessorInfo::clear_setter() {
-  set_setter(GetIsolate()->heap()->undefined_value(), SKIP_WRITE_BARRIER);
+  set_setter(*GetIsolate()->factory()->NewForeign(
+      reinterpret_cast<v8::internal::Address>(
+          reinterpret_cast<intptr_t>(nullptr))));
 }


--- a/test/cctest/test-accessors.cc
+++ b/test/cctest/test-accessors.cc
@ -578,3 +578,30 @@ THREADED_TEST(GlobalObjectAccessor) {
  CHECK(v8::Utils::OpenHandle(*CompileRun("getter()"))->IsJSGlobalProxy());
  CHECK(v8::Utils::OpenHandle(*CompileRun("set_value"))->IsJSGlobalProxy());
 }
+
+
+static void EmptyGetter(Local<Name> name,
+                        const v8::PropertyCallbackInfo<v8::Value>& info) {
+  ApiTestFuzzer::Fuzz();
+}
+
+
+static void OneProperty(Local<String> name,
+                        const v8::PropertyCallbackInfo<v8::Value>& info) {
+  ApiTestFuzzer::Fuzz();
+  info.GetReturnValue().Set(v8_num(1));
+}
+
+
+THREADED_TEST(Regress433458) {
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  v8::HandleScope scope(isolate);
+  v8::Handle<v8::ObjectTemplate> obj = ObjectTemplate::New(isolate);
+  obj->SetHandler(v8::NamedPropertyHandlerConfiguration(EmptyGetter));
+  obj->SetNativeDataProperty(v8_str("prop"), OneProperty);
+  env->Global()->Set(v8_str("obj"), obj->NewInstance());
+  CompileRun(
+      "Object.defineProperty(obj, 'prop', { writable: false });"
+      "Object.defineProperty(obj, 'prop', { writable: true });");
+}