Skip to content

Commit 40e499c

Browse files
NiekCommit Bot
Niek
authored and
Commit Bot
committed
Fix for Proxy leaking in toString
toString on JS Proxies are leaking, see this sample code: undefined[Function.prototype.toString] undefined[new Proxy(Function.prototype.toString, {})] This change fixes the behavior. Patch credits to Yusif <[email protected]> Change-Id: Id82a0a5c245469973452a3e6609cb91978274b8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739980 Commit-Queue: Leszek Swirski <[email protected]> Reviewed-by: Leszek Swirski <[email protected]> Cr-Commit-Position: refs/heads/master@{#73625}
1 parent 9ca7465 commit 40e499c

3 files changed

Lines changed: 10 additions & 0 deletions

File tree

AUTHORS

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -167,6 +167,7 @@ Milton Chiang <[email protected]>
167167
Mu Tao <[email protected]>
168168
Myeong-bo Shim <[email protected]>
169169
Nicolas Antonius Ernst Leopold Maria Kaiser <[email protected]>
170+
Niek van der Maas <[email protected]>
170171
Niklas Hambüchen <[email protected]>
171172
Noj Vek <[email protected]>
172173
Oleksandr Chekhovskyi <[email protected]>
@@ -235,6 +236,7 @@ Yi Wang <[email protected]>
235236
Yong Wang <[email protected]>
236237
Youfeng Hao <[email protected]>
237238
Yu Yin <[email protected]>
239+
Yusif Khudhur <[email protected]>
238240
Zac Hansen <[email protected]>
239241
Zeynep Cankara <[email protected]>
240242
Zhao Jiazhong <[email protected]>

src/objects/objects.cc

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -461,6 +461,9 @@ Handle<String> Object::NoSideEffectsToString(Isolate* isolate,
461461

462462
if (input->IsString() || input->IsNumber() || input->IsOddball()) {
463463
return Object::ToString(isolate, input).ToHandleChecked();
464+
} else if (input->IsJSProxy()) {
465+
HeapObject target = Handle<JSProxy>::cast(input)->target(isolate);
466+
return NoSideEffectsToString(isolate, Handle<Object>(target, isolate));
464467
} else if (input->IsBigInt()) {
465468
MaybeHandle<String> maybe_string =
466469
BigInt::ToString(isolate, Handle<BigInt>::cast(input), 10, kDontThrow);

test/cctest/test-object.cc

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,11 @@ TEST(NoSideEffectsToString) {
7777
"Error: fisk hest");
7878
CheckObject(isolate, factory->NewJSObject(isolate->object_function()),
7979
"#<Object>");
80+
CheckObject(
81+
isolate,
82+
factory->NewJSProxy(factory->NewJSObject(isolate->object_function()),
83+
factory->NewJSObject(isolate->object_function())),
84+
"#<Object>");
8085
}
8186

8287
TEST(EnumCache) {

0 commit comments

Comments
 (0)