8077149: __noSuchProperty__ and __noSuchMethod__ invocations are not properly guarded
Reviewed-by: jlaskey, mhaupt
This commit is contained in:
Hannes Wallnöfer
parent
e1a6127998
commit
2df77e13ce
@ -1273,7 +1273,11 @@ public class ScriptFunction extends ScriptObject {
|
|||||||
// a new zeroth element that is set to bindName value.
|
// a new zeroth element that is set to bindName value.
|
||||||
final MethodType methodType = methodHandle.type();
|
final MethodType methodType = methodHandle.type();
|
||||||
final int parameterCount = methodType.parameterCount();
|
final int parameterCount = methodType.parameterCount();
|
||||||
final boolean isVarArg = parameterCount > 0 && methodType.parameterType(parameterCount - 1).isArray();
|
|
||||||
|
if (parameterCount < 2) {
|
||||||
|
return methodHandle; // method does not have enough parameters
|
||||||
|
}
|
||||||
|
final boolean isVarArg = methodType.parameterType(parameterCount - 1).isArray();
|
||||||
|
|
||||||
if (isVarArg) {
|
if (isVarArg) {
|
||||||
return MH.filterArguments(methodHandle, 1, MH.insertArguments(ADD_ZEROTH_ELEMENT, 1, bindName));
|
return MH.filterArguments(methodHandle, 1, MH.insertArguments(ADD_ZEROTH_ELEMENT, 1, bindName));
|
||||||
|
|||||||
@ -2172,6 +2172,21 @@ public abstract class ScriptObject implements PropertyAccess, Cloneable {
|
|||||||
return switchPoints.toArray(new SwitchPoint[0]);
|
return switchPoints.toArray(new SwitchPoint[0]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Similar to getProtoSwitchPoints method above, but used for additional prototype switchpoints of
|
||||||
|
// properties that are known not to exist, e.g. the original property name in a __noSuchProperty__ invocation.
|
||||||
|
private SwitchPoint getProtoSwitchPoint(final String name) {
|
||||||
|
if (getProto() == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (ScriptObject obj = this; obj.getProto() != null; obj = obj.getProto()) {
|
||||||
|
final ScriptObject parent = obj.getProto();
|
||||||
|
parent.getMap().addListener(name, obj.getMap());
|
||||||
|
}
|
||||||
|
|
||||||
|
return getMap().getSwitchPoint(name);
|
||||||
|
}
|
||||||
|
|
||||||
private void checkSharedProtoMap() {
|
private void checkSharedProtoMap() {
|
||||||
// Check if our map has an expected shared prototype property map. If it has, make sure that
|
// Check if our map has an expected shared prototype property map. If it has, make sure that
|
||||||
// the prototype map has not been invalidated, and that it does match the actual map of the prototype.
|
// the prototype map has not been invalidated, and that it does match the actual map of the prototype.
|
||||||
@ -2343,7 +2358,9 @@ public abstract class ScriptObject implements PropertyAccess, Cloneable {
|
|||||||
final boolean scopeCall = isScope() && NashornCallSiteDescriptor.isScope(desc);
|
final boolean scopeCall = isScope() && NashornCallSiteDescriptor.isScope(desc);
|
||||||
|
|
||||||
if (find == null) {
|
if (find == null) {
|
||||||
return noSuchProperty(desc, request);
|
return noSuchProperty(desc, request)
|
||||||
|
// Add proto switchpoint to switch from no-such-property to no-such-method if it is ever defined.
|
||||||
|
.addSwitchPoint(getProtoSwitchPoint(NO_SUCH_METHOD_NAME));
|
||||||
}
|
}
|
||||||
|
|
||||||
final boolean explicitInstanceOfCheck = explicitInstanceOfCheck(desc, request);
|
final boolean explicitInstanceOfCheck = explicitInstanceOfCheck(desc, request);
|
||||||
@ -2366,7 +2383,9 @@ public abstract class ScriptObject implements PropertyAccess, Cloneable {
|
|||||||
Object.class),
|
Object.class),
|
||||||
NashornGuards.combineGuards(
|
NashornGuards.combineGuards(
|
||||||
NashornGuards.getIdentityGuard(this),
|
NashornGuards.getIdentityGuard(this),
|
||||||
NashornGuards.getMapGuard(getMap(), true)));
|
NashornGuards.getMapGuard(getMap(), true)))
|
||||||
|
// Add a protoype switchpoint for the original name so this gets invalidated if it is ever defined.
|
||||||
|
.addSwitchPoint(getProtoSwitchPoint(name));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -2412,7 +2431,9 @@ public abstract class ScriptObject implements PropertyAccess, Cloneable {
|
|||||||
func),
|
func),
|
||||||
getProtoSwitchPoints(NO_SUCH_PROPERTY_NAME, find.getOwner()),
|
getProtoSwitchPoints(NO_SUCH_PROPERTY_NAME, find.getOwner()),
|
||||||
//TODO this doesn't need a ClassCastException as guard always checks script object
|
//TODO this doesn't need a ClassCastException as guard always checks script object
|
||||||
null);
|
null)
|
||||||
|
// Add a protoype switchpoint for the original name so this gets invalidated if it is ever defined.
|
||||||
|
.addSwitchPoint(getProtoSwitchPoint(name));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -29,7 +29,7 @@ import java.lang.invoke.SwitchPoint;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* This class represents a property map that can be shared among multiple prototype objects, allowing all inheriting
|
* This class represents a property map that can be shared among multiple prototype objects, allowing all inheriting
|
||||||
* top-level objects to also share one property map. This is class is only used for prototype objects, the
|
* top-level objects to also share one property map. This class is only used for prototype objects, the
|
||||||
* top-level objects use ordinary {@link PropertyMap}s with the {@link PropertyMap#sharedProtoMap} field
|
* top-level objects use ordinary {@link PropertyMap}s with the {@link PropertyMap#sharedProtoMap} field
|
||||||
* set to the expected shared prototype map.
|
* set to the expected shared prototype map.
|
||||||
*
|
*
|
||||||
|
|||||||
53
nashorn/test/script/basic/JDK-8077149.js
Normal file
53
nashorn/test/script/basic/JDK-8077149.js
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* JDK-8077149: __noSuchProperty__ and __noSuchMethod__ invocations are not properly guarded
|
||||||
|
*
|
||||||
|
* @test
|
||||||
|
* @run
|
||||||
|
*/
|
||||||
|
|
||||||
|
var o = {};
|
||||||
|
|
||||||
|
function invoke() {
|
||||||
|
return o._();
|
||||||
|
}
|
||||||
|
|
||||||
|
Object.prototype.__noSuchProperty__ = function() {
|
||||||
|
return function() { return "no such property" };
|
||||||
|
};
|
||||||
|
|
||||||
|
Assert.assertEquals(invoke(), "no such property");
|
||||||
|
|
||||||
|
Object.prototype.__noSuchMethod__ = function() {
|
||||||
|
return "no such method";
|
||||||
|
};
|
||||||
|
|
||||||
|
Assert.assertEquals(invoke(), "no such method");
|
||||||
|
|
||||||
|
Object.prototype._ = function() {
|
||||||
|
return "underscore method";
|
||||||
|
};
|
||||||
|
|
||||||
|
Assert.assertEquals(invoke(), "underscore method");
|
||||||
Loading…
Reference in New Issue
Block a user