Fix for Proxy leaking in toString
toString on JS Proxies is leaking; see this sample code:

undefined[Function.prototype.toString]
undefined[new Proxy(Function.prototype.toString, {})]

This change fixes the behavior.

Patch credits to Yusif <yusif.khudhur@gmail.com>

Change-Id: Id82a0a5c245469973452a3e6609cb91978274b8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739980
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73625}
Niek authored and Commit Bot committed Mar 24, 2021
1 parent 9ca7465 commit 40e499c
Showing 3 changed files with 10 additions and 0 deletions.
2 changes: 2 additions & 0 deletions AUTHORS
Expand Up @@ -167,6 +167,7 @@ Milton Chiang <milton.chiang@mediatek.com>
Mu Tao <pamilty@gmail.com>
Myeong-bo Shim <m0609.shim@samsung.com>
Nicolas Antonius Ernst Leopold Maria Kaiser <nikai@nikai.net>
Niek van der Maas <mail@niekvandermaas.nl>
Niklas Hambüchen <mail@nh2.me>
Noj Vek <nojvek@gmail.com>
Oleksandr Chekhovskyi <oleksandr.chekhovskyi@gmail.com>
Expand Down Expand Up @@ -235,6 +236,7 @@ Yi Wang <wangyi8848@gmail.com>
Yong Wang <ccyongwang@tencent.com>
Youfeng Hao <ajihyf@gmail.com>
Yu Yin <xwafish@gmail.com>
Yusif Khudhur <yusif.khudhur@gmail.com>
Zac Hansen <xaxxon@gmail.com>
Zeynep Cankara <zeynepcankara402@gmail.com>
Zhao Jiazhong <kyslie3100@gmail.com>
3 changes: 3 additions & 0 deletions src/objects/objects.cc
Expand Up @@ -461,6 +461,9 @@ Handle<String> Object::NoSideEffectsToString(Isolate* isolate,

if (input->IsString() || input->IsNumber() || input->IsOddball()) {
return Object::ToString(isolate, input).ToHandleChecked();
} else if (input->IsJSProxy()) {
HeapObject target = Handle<JSProxy>::cast(input)->target(isolate);
return NoSideEffectsToString(isolate, Handle<Object>(target, isolate));
} else if (input->IsBigInt()) {
MaybeHandle<String> maybe_string =
BigInt::ToString(isolate, Handle<BigInt>::cast(input), 10, kDontThrow);
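Review bot: The new `input->IsJSProxy()` branch calls `NoSideEffectsToString` again on the raw `target`, so a proxy that wraps another proxy recurses once per layer with no depth limit visible in this hunk; unwrapping the target in a loop ahead of the type checks would keep the stack flat. The `HeapObject target` value is also passed on unchecked, so it is worth stating or asserting what `target(isolate)` returns for a revoked proxy. A one-line comment saying that the target is printed so the output for a proxy matches the output for its target would record the intent from the commit message next to the code.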
5 changes: 5 additions & 0 deletions test/cctest/test-object.cc
Expand Up @@ -77,6 +77,11 @@ TEST(NoSideEffectsToString) {
"Error: fisk hest");
CheckObject(isolate, factory->NewJSObject(isolate->object_function()),
"#<Object>");
CheckObject(
isolate,
factory->NewJSProxy(factory->NewJSObject(isolate->object_function()),
factory->NewJSObject(isolate->object_function())),
"#<Object>");
}

TEST(EnumCache) {
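Review bot: The added `CheckObject` case only covers a proxy around a plain `NewJSObject` target, while the reproduction in the commit message wraps `Function.prototype.toString`. Add a case whose target is a function, and one whose target is itself a proxy, so that the recursive `IsJSProxy()` branch in `NoSideEffectsToString` is exercised for both and the expected strings match those of the unwrapped targets.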