projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fc71f7f)
Expect access check in JSObject::DefineAccessor.
authoryangguo@chromium.org <yangguo@chromium.org>
Thu, 11 Sep 2014 12:16:33 +0000 (12:16 +0000)
committeryangguo@chromium.org <yangguo@chromium.org>
Thu, 11 Sep 2014 12:16:33 +0000 (12:16 +0000)
R=ulan@chromium.org, verwaest@chromium.org
BUG=chromium:411793
LOG=N

Review URL: https://codereview.chromium.org/559403002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23874 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/objects.cc patch | blob | history
test/cctest/test-api.cc patch | blob | history

diff --git a/src/objects.cc b/src/objects.cc
index 4459a5b..f73d33f 100644 (file)
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -6147,7 +6147,10 @@ MaybeHandle<Object> JSObject::DefineAccessor(Handle<JSObject> object,
     // At least one of the accessors needs to be a new value.
     DCHECK(!getter->IsNull() || !setter->IsNull());
     LookupIterator it(object, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
-    CHECK_NE(LookupIterator::ACCESS_CHECK, it.state());
+    if (it.state() == LookupIterator::ACCESS_CHECK) {
+      // We already did an access check before. We do have access.
+      it.Next();
+    }
     if (!getter->IsNull()) {
       it.TransitionToAccessorProperty(ACCESSOR_GETTER, getter, attributes);
     }
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index 75c5b8e..f3c0580 100644 (file)
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -23035,3 +23035,21 @@ TEST(GetHiddenPropertyTableAfterAccessCheck) {
 
   obj->SetHiddenValue(v8_str("hidden key 2"), v8_str("hidden value 2"));
 }
+
+
+TEST(Regress411793) {
+  v8::Isolate* isolate = CcTest::isolate();
+  v8::HandleScope handle_scope(isolate);
+  v8::Handle<v8::ObjectTemplate> object_template =
+      v8::ObjectTemplate::New(isolate);
+  object_template->SetAccessCheckCallbacks(NamedAccessCounter,
+                                           IndexedAccessCounter);
+
+  v8::Handle<Context> context = Context::New(isolate);
+  v8::Context::Scope context_scope(context);
+
+  context->Global()->Set(v8_str("o"), object_template->NewInstance());
+  CompileRun(
+      "Object.defineProperty(o, 'key', "
+      "    { get: function() {}, set: function() {} });");
+}
Domain: Web Framework / Web Engine;