From 86fd161fdc594a62a7fdcee3cfa64e515ca8f2a4 Mon Sep 17 00:00:00 2001 From: "mstarzinger@chromium.org" Date: Mon, 17 Sep 2012 14:39:10 +0000 Subject: [PATCH] Fix casting error for receiver of interceptors. This fixes a casting error that occured when the receiver of a missed or uninitialized CallIC is a Smi and there is an interceptor installed on the prototype chain. R=yangguo@chromium.org BUG=chromium:149912 TEST=cctest/test-api/Regress149912 Review URL: https://codereview.chromium.org/10914317 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12531 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/objects.cc | 14 ++++++-------- src/objects.h | 6 +++--- test/cctest/test-api.cc | 10 ++++++++++ 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/src/objects.cc b/src/objects.cc index cbef145..d9e8b8b 100644 --- a/src/objects.cc +++ b/src/objects.cc @@ -651,11 +651,9 @@ MaybeObject* Object::GetProperty(Object* receiver, receiver, result->GetCallbackObject(), name); case HANDLER: return result->proxy()->GetPropertyWithHandler(receiver, name); - case INTERCEPTOR: { - JSObject* recvr = JSObject::cast(receiver); + case INTERCEPTOR: return result->holder()->GetPropertyWithInterceptor( - recvr, name, attributes); - } + receiver, name, attributes); case TRANSITION: case NONEXISTENT: UNREACHABLE(); @@ -10483,7 +10481,7 @@ InterceptorInfo* JSObject::GetIndexedInterceptor() { MaybeObject* JSObject::GetPropertyPostInterceptor( - JSReceiver* receiver, + Object* receiver, String* name, PropertyAttributes* attributes) { // Check local property in holder, ignore interceptor. @@ -10501,7 +10499,7 @@ MaybeObject* JSObject::GetPropertyPostInterceptor( MaybeObject* JSObject::GetLocalPropertyPostInterceptor( - JSReceiver* receiver, + Object* receiver, String* name, PropertyAttributes* attributes) { // Check local property in holder, ignore interceptor. 
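Review bot: The new INTERCEPTOR case in Object::GetProperty has no comment recording that `receiver` can be a Smi here, which is the reason the removed `JSObject::cast(receiver)` was wrong. If that cast is only verified in debug builds (likely, but not visible in this hunk), reintroducing it would make a release build treat a tagged small integer as a heap object pointer. I would add `// receiver may be a Smi or another non-JSObject value; pass it through uncast.` above the `return`. The switch and the function continue outside the hunk.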
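Review bot: JSObject::GetPropertyPostInterceptor now accepts any `Object* receiver`, but its body lies outside the hunk, so the hunk does not show whether every callee it forwards `receiver` to tolerates a non-JSReceiver. The same applies to GetLocalPropertyPostInterceptor in the next hunk. Please confirm that neither body downcasts the receiver or calls a JSReceiver-only method on it. Each definition should also state the widened contract, for example `// receiver is the original lookup receiver; it may be a primitive such as a Smi.`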
@@ -10515,13 +10513,13 @@ MaybeObject* JSObject::GetLocalPropertyPostInterceptor( MaybeObject* JSObject::GetPropertyWithInterceptor( - JSReceiver* receiver, + Object* receiver, String* name, PropertyAttributes* attributes) { Isolate* isolate = GetIsolate(); InterceptorInfo* interceptor = GetNamedInterceptor(); HandleScope scope(isolate); - Handle receiver_handle(receiver); + Handle receiver_handle(receiver); Handle holder_handle(this); Handle name_handle(name); diff --git a/src/objects.h b/src/objects.h index c222086..be25736 100644 --- a/src/objects.h +++ b/src/objects.h @@ -1687,15 +1687,15 @@ class JSObject: public JSReceiver { String* name, PropertyAttributes* attributes); MUST_USE_RESULT MaybeObject* GetPropertyWithInterceptor( - JSReceiver* receiver, + Object* receiver, String* name, PropertyAttributes* attributes); MUST_USE_RESULT MaybeObject* GetPropertyPostInterceptor( - JSReceiver* receiver, + Object* receiver, String* name, PropertyAttributes* attributes); MUST_USE_RESULT MaybeObject* GetLocalPropertyPostInterceptor( - JSReceiver* receiver, + Object* receiver, String* name, PropertyAttributes* attributes); diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc index 7ba9e63..cb1a7a2 100644 --- a/test/cctest/test-api.cc +++ b/test/cctest/test-api.cc @@ -17469,6 +17469,16 @@ THREADED_TEST(Regress137496) { } +THREADED_TEST(Regress149912) { + v8::HandleScope scope; + LocalContext context; + Handle templ = FunctionTemplate::New(); + AddInterceptor(templ, EmptyInterceptorGetter, EmptyInterceptorSetter); + context->Global()->Set(v8_str("Bug"), templ->GetFunction()); + CompileRun("Number.prototype.__proto__ = new Bug; var x = 0; x.foo();"); +} + + #ifndef WIN32 class ThreadInterruptTest { public: -- 2.7.4
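Review bot: `receiver_handle` in JSObject::GetPropertyWithInterceptor can now wrap a Smi, and the rest of the body (outside this hunk) presumably hands it to the embedder's named-property getter as the receiver. If it does, callback code that assumes its `This()` value is a real object would be operating on a primitive, which moves the same class of type assumption from V8 into embedder code. Either document this at the handle creation, e.g. `// May be a primitive receiver; interceptor callbacks must not assume This() is a JSObject.`, or confirm that the value is converted before it reaches the API boundary.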
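Review bot: Regress149912 asserts nothing, so it only fails if the bad cast crashes or trips a debug check. In a release build, where the old cast may not fault, the test could pass even without the fix. `x.foo()` presumably ends in a TypeError because the empty interceptor supplies no function, so pinning that outcome makes the test meaningful in every configuration: declare `v8::TryCatch try_catch;` before `CompileRun(...)` and add `CHECK(try_catch.HasCaught());` after it. A plain load such as `x.foo` next to the call would also cover the non-call path through the interceptor.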