From: yangguo@chromium.org Date: Wed, 10 Sep 2014 12:31:13 +0000 (+0000) Subject: Fix JSReceiver::HasHiddenProperties wrt access-checked objects. X-Git-Tag: upstream/4.7.83~7011 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d3af5b67d2b3c5cffe1425ad8e96842e5c290eff;p=platform%2Fupstream%2Fv8.git Fix JSReceiver::HasHiddenProperties wrt access-checked objects. R=jkummerow@chromium.org BUG=chromium:411877 LOG=N Review URL: https://codereview.chromium.org/564443002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23839 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- diff --git a/src/objects.cc b/src/objects.cc index 62e33b7..79f20bb 100644 --- a/src/objects.cc +++ b/src/objects.cc @@ -4684,8 +4684,10 @@ void JSObject::DeleteHiddenProperty(Handle object, Handle key) { bool JSObject::HasHiddenProperties(Handle object) { Handle hidden = object->GetIsolate()->factory()->hidden_string(); LookupIterator it(object, hidden, LookupIterator::OWN_SKIP_INTERCEPTOR); - CHECK_NE(LookupIterator::ACCESS_CHECK, it.state()); - return it.IsFound(); + Maybe maybe = GetPropertyAttributes(&it); + // Cannot get an exception since the hidden_string isn't accessible to JS. + DCHECK(maybe.has_value); + return maybe.value != ABSENT; } diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc index 1a1879e..9124873 100644 --- a/test/cctest/test-api.cc +++ b/test/cctest/test-api.cc @@ -23000,3 +23000,19 @@ TEST(GetOwnPropertyDescriptor) { set->Call(x, 1, args); CHECK_EQ(v8_num(14), get->Call(x, 0, NULL)); } + + +TEST(Regress411877) { + v8::Isolate* isolate = CcTest::isolate(); + v8::HandleScope handle_scope(isolate); + v8::Handle object_template = + v8::ObjectTemplate::New(isolate); + object_template->SetAccessCheckCallbacks(NamedAccessCounter, + IndexedAccessCounter); + + v8::Handle context = Context::New(isolate); + v8::Context::Scope context_scope(context); + + context->Global()->Set(v8_str("o"), object_template->NewInstance()); + CompileRun("Object.getOwnPropertyNames(o)"); +}