Skip to content

src: make accessors immune to context confusion #1238

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 23, 2015
Merged

src: make accessors immune to context confusion #1238

merged 2 commits into from
Mar 23, 2015

Conversation

bnoordhuis
Copy link
Member

It's possible for an accessor or named interceptor to get called with
a different execution context than the one it lives in, see the test
case for an example using the debug API.

This commit fortifies against that by passing the environment as a
data property instead of looking it up through the current context.

Fixes: #1190 (again)

R=@indutny? /cc @ofrobots

https://jenkins-iojs.nodesource.com/view/iojs/job/iojs+any-pr+multi/362/

bnoordhuis
bnoordhuis reviewed Mar 22, 2015
View reviewed changes
test/parallel/test-vm-debug-context.js
var Debug = vm.runInDebugContext('Debug');
var breaks = 0;

function ondebugevent(evt, exc) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note to self: add comment explaining that exceptions from debug event listeners are swallowed.

@mscdex mscdex added the c++ Issues and PRs that require attention from people who are familiar with C++. label Mar 23, 2015
indutny
indutny reviewed Mar 23, 2015
View reviewed changes
src/env-inl.h
inline Environment* Environment::GetCurrent(
const v8::PropertyCallbackInfo<v8::Value>& info) {
const v8::PropertyCallbackInfo<T>& info) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't look like this is actually needed anywhere. Is it just a new feature?

@indutny
Copy link
Member

indutny commented Mar 23, 2015

LGTM

@bnoordhuis
src: make accessors immune to context confusion
7e88a93 
It's possible for an accessor or named interceptor to get called with
a different execution context than the one it lives in, see the test
case for an example using the debug API.

This commit fortifies against that by passing the environment as a
data property instead of looking it up through the current context.

Fixes: nodejs#1190 (again)
PR-URL: nodejs#1238
Reviewed-By: Fedor Indutny <fedor@indutny.com>
@bnoordhuis
src: remove unnecessary environment lookups
2e5b87a 
Remove some unnecessary environment lookups and delete a few superfluous
HandleScope variables.

PR-URL: nodejs#1238
Reviewed-By: Fedor Indutny <fedor@indutny.com>
@bnoordhuis bnoordhuis force-pushed the fix-issue-1190-take2 branch from 868f585 to 2e5b87a Compare March 23, 2015 09:41
@bnoordhuis bnoordhuis closed this Mar 23, 2015
@bnoordhuis bnoordhuis deleted the fix-issue-1190-take2 branch March 23, 2015 09:41
@bnoordhuis bnoordhuis merged commit 2e5b87a into nodejs:v1.x Mar 23, 2015
@rvagg rvagg mentioned this pull request Mar 25, 2015
Closed
@Fishrock123 Fishrock123 mentioned this pull request Apr 9, 2015
Closed
This was referenced Jul 17, 2020
Open
Open
Open
Open
@MarcelRaschke MarcelRaschke mentioned this pull request Nov 5, 2022
Open
@aliscco aliscco mentioned this pull request Apr 25, 2023
Open
@jesec jesec mentioned this pull request Jul 4, 2023
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bnoordhuis @indutny @mscdex