author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2016-12-02 13:47:03 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-03-28 11:24:48 +0000 |
commit | fa9fa06d05b0d0b5c2a0c217492b961d917e7475 (patch) | |
tree | 78a11cda5386c1ad9264a4fd812737de14b9bb07 | |
parent | 1e164227a704de87b57b69f69d2e3796ffb70cd2 (diff) |
[Backport] Merged: Squashed multiple commits.
Merged: Add test for making private symbols non-enumerable
Revision: 942604dfb2895cf0e56173b271e66804ff41478a
Merged: Make private symbols non-enumerable
Revision: 135b9f9360342089de151990a7bf61c31caa6f1f
BUG=chromium:664411,chromium:664411
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=cbruni@chromium.org
Review URL: https://codereview.chromium.org/2498973002 .
(CVE-2016-9651)
Change-Id: I4a543b0e43dd75b798a6642f9dfa282ff23edfa0
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
-rw-r--r-- | chromium/v8/src/lookup.cc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/chromium/v8/src/lookup.cc b/chromium/v8/src/lookup.cc
index 48da4fabeea..3b38c6caf40 100644
--- a/chromium/v8/src/lookup.cc
+++ b/chromium/v8/src/lookup.cc
@@ -223,6 +223,11 @@ void LookupIterator::PrepareTransitionToDataProperty(
 Handle<Object> value, PropertyAttributes attributes,
 Object::StoreFromKeyed store_mode) {
 if (state_ == TRANSITION) return;
+
+ if (!IsElement() && name()->IsPrivate()) {
+ attributes = static_cast<PropertyAttributes>(attributes | DONT_ENUM);
+ }
+
 DCHECK(state_ != LookupIterator::ACCESSOR ||
 (GetAccessors()->IsAccessorInfo() &&
 AccessorInfo::cast(*GetAccessors())->is_special_data_property()));
@@ -303,6 +308,9 @@ void LookupIterator::TransitionToAccessorProperty(
 // handled via a trap. Adding properties to primitive values is not
 // observable.
 Handle<JSObject> receiver = GetStoreTarget();
+ if (!IsElement() && name()->IsPrivate()) {
+ attributes = static_cast<PropertyAttributes>(attributes | DONT_ENUM);
+ }
 if (!IsElement() && !receiver->map()->is_dictionary_map()) {
 holder_ = receiver; |
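Review bot: Neither of the two added `if (!IsElement() && name()->IsPrivate())` blocks says why the attribute is forced, and the same three lines are repeated in `PrepareTransitionToDataProperty` and `TransitionToAccessorProperty`. I would put a comment above each, e.g. `// Private symbols must never be enumerable: force DONT_ENUM regardless of what the caller passed.`, or move the masking into one small private helper so that a further store path cannot forget it. In the first hunk the masking sits after `if (state_ == TRANSITION) return;`, so it appears to rely on an already-prepared transition having come through this same function; a `DCHECK` stating that assumption would make it explicit, though both function bodies continue outside the hunks and may already cover it. The commit message lists a merged regression test, but the diffstat shows only `lookup.cc`, so this backport seems to land without that test in the tree.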