From: ager@chromium.org <ager@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Mon, 24 Jan 2011 07:59:40 +0000 (+0000)
Subject: Avoid calling overwritten toString methods for internal error
X-Git-Tag: upstream/4.7.83~20477
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b5151d118d1f95cb2b57965da0dbf2d5965a6ee2;p=platform%2Fupstream%2Fv8.git

Avoid calling overwritten toString methods for internal error
formatting. I missed a couple of places. Extracting the error object
check to a separate function.

Review URL: http://codereview.chromium.org/6304015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6435 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---

diff --git a/src/messages.js b/src/messages.js
index 4a8964757..932d64d2e 100644
--- a/src/messages.js
+++ b/src/messages.js
@@ -90,21 +90,28 @@ function FormatString(format, args) {
 }
 
 
+// When formatting internally created error messages, do not
+// invoke overwritten error toString methods but explicitly use
+// the error to string method. This is to avoid leaking error
+// objects between script tags in a browser setting.
+function ToStringCheckErrorObject(obj) {
+  if (obj instanceof $Error) {
+    return %_CallFunction(obj, errorToString);
+  } else {
+    return ToString(obj);
+  }
+}
+
+
 function ToDetailString(obj) {
   if (obj != null && IS_OBJECT(obj) && obj.toString === $Object.prototype.toString) {
     var constructor = obj.constructor;
-    if (!constructor) return ToString(obj);
+    if (!constructor) return ToStringCheckErrorObject(obj);
     var constructorName = constructor.name;
-    if (!constructorName) return ToString(obj);
+    if (!constructorName) return ToStringCheckErrorObject(obj);
     return "#<" + GetInstanceName(constructorName) + ">";
-  } else if (obj instanceof $Error) {
-    // When formatting internally created error messages, do not
-    // invoke overwritten error toString methods but explicitly use
-    // the error to string method. This is to avoid leaking error
-    // objects between script tags in a browser setting.
-    return %_CallFunction(obj, errorToString);
   } else {
-    return ToString(obj);
+    return ToStringCheckErrorObject(obj);
   }
 }
 
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index 3bab67e6b..de00fbba4 100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -2379,6 +2379,10 @@ TEST(APIThrowMessageOverwrittenToString) {
   CompileRun("ReferenceError.prototype.toString ="
              "  function() { return 'Whoops' }");
   CompileRun("asdf;");
+  CompileRun("ReferenceError.prototype.constructor.name = void 0;");
+  CompileRun("asdf;");
+  CompileRun("ReferenceError.prototype.constructor = void 0;");
+  CompileRun("asdf;");
   v8::Handle<Value> string = CompileRun("try { asdf; } catch(e) { e + ''; }");
   CHECK(string->Equals(v8_str("Whoops")));
   v8::V8::RemoveMessageListeners(check_message);