Prevent fast access mode arrays from low-level property management methods (#3047)
This patch fixes #3043 and fixes #3045 and fixes #3046. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu
This commit is contained in:
Robert Fancsik
committed by
Dániel Bátyai
Dániel Bátyai
parent
3e661c0c5a
commit
1088273bc3
@@ -14,6 +14,7 @@
|
||||
*/
|
||||
|
||||
#include "ecma-alloc.h"
|
||||
#include "ecma-array-object.h"
|
||||
#include "ecma-globals.h"
|
||||
#include "ecma-objects.h"
|
||||
#include "ecma-helpers.h"
|
||||
@@ -37,6 +38,13 @@ ecma_create_native_pointer_property (ecma_object_t *obj_p, /**< object to create
|
||||
void *info_p) /**< native pointer's type info */
|
||||
{
|
||||
ecma_string_t *name_p = ecma_get_magic_string (LIT_INTERNAL_MAGIC_STRING_NATIVE_POINTER);
|
||||
|
||||
if (ecma_get_object_type (obj_p) == ECMA_OBJECT_TYPE_ARRAY
|
||||
&& ((ecma_extended_object_t *) obj_p)->u.array.is_fast_mode)
|
||||
{
|
||||
ecma_fast_array_convert_to_normal (obj_p);
|
||||
}
|
||||
|
||||
ecma_property_t *property_p = ecma_find_named_property (obj_p, name_p);
|
||||
|
||||
bool is_new = (property_p == NULL);
|
||||
@@ -107,6 +115,13 @@ ecma_native_pointer_t *
|
||||
ecma_get_native_pointer_value (ecma_object_t *obj_p, /**< object to get property value from */
|
||||
void *info_p) /**< native pointer's type info */
|
||||
{
|
||||
if (ecma_get_object_type (obj_p) == ECMA_OBJECT_TYPE_ARRAY
|
||||
&& ((ecma_extended_object_t *) obj_p)->u.array.is_fast_mode)
|
||||
{
|
||||
/* Fast access mode array can not have native pointer properties */
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ecma_string_t *name_p = ecma_get_magic_string (LIT_INTERNAL_MAGIC_STRING_NATIVE_POINTER);
|
||||
ecma_property_t *property_p = ecma_find_named_property (obj_p, name_p);
|
||||
|
||||
@@ -149,6 +164,13 @@ bool
|
||||
ecma_delete_native_pointer_property (ecma_object_t *obj_p, /**< object to delete property from */
|
||||
void *info_p) /**< native pointer's type info */
|
||||
{
|
||||
if (ecma_get_object_type (obj_p) == ECMA_OBJECT_TYPE_ARRAY
|
||||
&& ((ecma_extended_object_t *) obj_p)->u.array.is_fast_mode)
|
||||
{
|
||||
/* Fast access mode array can not have native pointer properties */
|
||||
return false;
|
||||
}
|
||||
|
||||
ecma_string_t *name_p = ecma_get_magic_string (LIT_INTERNAL_MAGIC_STRING_NATIVE_POINTER);
|
||||
ecma_property_t *property_p = ecma_find_named_property (obj_p, name_p);
|
||||
|
||||
|
||||
@@ -335,9 +335,6 @@ ecma_create_property (ecma_object_t *object_p, /**< the object */
|
||||
JERRY_ASSERT (ECMA_PROPERTY_PAIR_ITEM_COUNT == 2);
|
||||
JERRY_ASSERT (name_p != NULL);
|
||||
JERRY_ASSERT (object_p != NULL);
|
||||
JERRY_ASSERT (ecma_is_lexical_environment (object_p)
|
||||
|| ecma_get_object_type (object_p) != ECMA_OBJECT_TYPE_ARRAY
|
||||
|| !((ecma_extended_object_t *) object_p)->u.array.is_fast_mode);
|
||||
|
||||
jmem_cpointer_t *property_list_head_p = &object_p->u1.property_list_cp;
|
||||
|
||||
@@ -475,6 +472,9 @@ ecma_create_named_data_property (ecma_object_t *object_p, /**< object */
|
||||
* if this field is non-NULL */
|
||||
{
|
||||
JERRY_ASSERT (object_p != NULL && name_p != NULL);
|
||||
JERRY_ASSERT (ecma_is_lexical_environment (object_p)
|
||||
|| ecma_get_object_type (object_p) != ECMA_OBJECT_TYPE_ARRAY
|
||||
|| !((ecma_extended_object_t *) object_p)->u.array.is_fast_mode);
|
||||
JERRY_ASSERT (ecma_find_named_property (object_p, name_p) == NULL);
|
||||
JERRY_ASSERT ((prop_attributes & ~ECMA_PROPERTY_CONFIGURABLE_ENUMERABLE_WRITABLE) == 0);
|
||||
|
||||
@@ -501,6 +501,9 @@ ecma_create_named_accessor_property (ecma_object_t *object_p, /**< object */
|
||||
* if this field is non-NULL */
|
||||
{
|
||||
JERRY_ASSERT (object_p != NULL && name_p != NULL);
|
||||
JERRY_ASSERT (ecma_is_lexical_environment (object_p)
|
||||
|| ecma_get_object_type (object_p) != ECMA_OBJECT_TYPE_ARRAY
|
||||
|| !((ecma_extended_object_t *) object_p)->u.array.is_fast_mode);
|
||||
JERRY_ASSERT (ecma_find_named_property (object_p, name_p) == NULL);
|
||||
JERRY_ASSERT ((prop_attributes & ~ECMA_PROPERTY_CONFIGURABLE_ENUMERABLE) == 0);
|
||||
|
||||
@@ -533,6 +536,9 @@ ecma_find_named_property (ecma_object_t *obj_p, /**< object to find property in
|
||||
{
|
||||
JERRY_ASSERT (obj_p != NULL);
|
||||
JERRY_ASSERT (name_p != NULL);
|
||||
JERRY_ASSERT (ecma_is_lexical_environment (obj_p)
|
||||
|| ecma_get_object_type (obj_p) != ECMA_OBJECT_TYPE_ARRAY
|
||||
|| !((ecma_extended_object_t *) obj_p)->u.array.is_fast_mode);
|
||||
|
||||
ecma_property_t *property_p = NULL;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user