Skip to content

Commit

Permalink
Add stack limit check to proxy operations
Browse files Browse the repository at this point in the history
Fixes jerryscript-project#3785.

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai [email protected]
  • Loading branch information
dbatyai committed May 25, 2020
1 parent 589af6d commit 012b81c
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 0 deletions.
4 changes: 4 additions & 0 deletions jerry-core/ecma/operations/ecma-proxy-object.c
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
#include "ecma-objects.h"
#include "ecma-objects-general.h"
#include "ecma-proxy-object.h"
#include "jcontext.h"

/** \addtogroup ecma ECMA
* @{
Expand Down Expand Up @@ -993,6 +994,7 @@ ecma_value_t
ecma_proxy_object_has (ecma_object_t *obj_p, /**< proxy object */
ecma_string_t *prop_name_p) /**< property name */
{
ECMA_CHECK_STACK_USAGE ();
JERRY_ASSERT (ECMA_OBJECT_IS_PROXY (obj_p));

ecma_proxy_object_t *proxy_obj_p = (ecma_proxy_object_t *) obj_p;
Expand Down Expand Up @@ -1096,6 +1098,7 @@ ecma_proxy_object_get (ecma_object_t *obj_p, /**< proxy object */
ecma_string_t *prop_name_p, /**< property name */
ecma_value_t receiver) /**< receiver to invoke getter function */
{
ECMA_CHECK_STACK_USAGE ();
JERRY_ASSERT (ECMA_OBJECT_IS_PROXY (obj_p));

ecma_proxy_object_t *proxy_obj_p = (ecma_proxy_object_t *) obj_p;
Expand Down Expand Up @@ -1200,6 +1203,7 @@ ecma_proxy_object_set (ecma_object_t *obj_p, /**< proxy object */
ecma_value_t value, /**< value to set */
ecma_value_t receiver) /**< receiver to invoke setter function */
{
ECMA_CHECK_STACK_USAGE ();
JERRY_ASSERT (ECMA_OBJECT_IS_PROXY (obj_p));

ecma_proxy_object_t *proxy_obj_p = (ecma_proxy_object_t *) obj_p;
Expand Down
37 changes: 37 additions & 0 deletions tests/jerry/es2015/regression-test-issue-3785.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
// Copyright JS Foundation and other contributors, http://js.foundation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

var a = new Proxy({length:2}, {});
a.__proto__ = a;

try {
a[1];
assert (false);
} catch (e) {
assert (e instanceof RangeError);
}

try {
a[1] = 2;
assert (false);
} catch (e) {
assert (e instanceof RangeError);
}

try {
Array.prototype.forEach.call(a, ()=>{});
assert (false);
} catch (e) {
assert (e instanceof RangeError);
}

0 comments on commit 012b81c

Please sign in to comment.