changeset 1771:925e7b26b363

8077149: __noSuchProperty__ and __noSuchMethod__ invocations are not properly guarded Reviewed-by: jlaskey, mhaupt
author hannesw
date Wed, 07 Sep 2016 22:48:02 +0200
parents cb00d5ef023a
children f11b8f5c4ccb
files src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/ScriptFunction.java src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/ScriptObject.java src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/SharedPropertyMap.java test/script/basic/JDK-8077149.js
diffstat 4 files changed, 83 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/ScriptFunction.java	Thu Sep 01 23:20:13 2016 +0000
+++ b/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/ScriptFunction.java	Wed Sep 07 22:48:02 2016 +0200
@@ -1273,7 +1273,11 @@
         // a new zeroth element that is set to bindName value.
         final MethodType methodType = methodHandle.type();
         final int parameterCount = methodType.parameterCount();
-        final boolean isVarArg = parameterCount > 0 && methodType.parameterType(parameterCount - 1).isArray();
+
+        if (parameterCount < 2) {
+            return methodHandle; // method does not have enough parameters
+        }
+        final boolean isVarArg = methodType.parameterType(parameterCount - 1).isArray();
 
         if (isVarArg) {
             return MH.filterArguments(methodHandle, 1, MH.insertArguments(ADD_ZEROTH_ELEMENT, 1, bindName));
--- a/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/ScriptObject.java	Thu Sep 01 23:20:13 2016 +0000
+++ b/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/ScriptObject.java	Wed Sep 07 22:48:02 2016 +0200
@@ -2172,6 +2172,21 @@
         return switchPoints.toArray(new SwitchPoint[0]);
     }
 
+    // Similar to getProtoSwitchPoints method above, but used for additional prototype switchpoints of
+    // properties that are known not to exist, e.g. the original property name in a __noSuchProperty__ invocation.
+    private SwitchPoint getProtoSwitchPoint(final String name) {
+        if (getProto() == null) {
+            return null;
+        }
+
+        for (ScriptObject obj = this; obj.getProto() != null; obj = obj.getProto()) {
+            final ScriptObject parent = obj.getProto();
+            parent.getMap().addListener(name, obj.getMap());
+        }
+
+        return getMap().getSwitchPoint(name);
+    }
+
     private void checkSharedProtoMap() {
         // Check if our map has an expected shared prototype property map. If it has, make sure that
         // the prototype map has not been invalidated, and that it does match the actual map of the prototype.
@@ -2343,7 +2358,9 @@
         final boolean      scopeCall = isScope() && NashornCallSiteDescriptor.isScope(desc);
 
         if (find == null) {
-            return noSuchProperty(desc, request);
+            return noSuchProperty(desc, request)
+                    // Add proto switchpoint to switch from no-such-property to no-such-method if it is ever defined.
+                    .addSwitchPoint(getProtoSwitchPoint(NO_SUCH_METHOD_NAME));
         }
 
         final boolean explicitInstanceOfCheck = explicitInstanceOfCheck(desc, request);
@@ -2366,7 +2383,9 @@
                         Object.class),
                 NashornGuards.combineGuards(
                         NashornGuards.getIdentityGuard(this),
-                        NashornGuards.getMapGuard(getMap(), true)));
+                        NashornGuards.getMapGuard(getMap(), true)))
+                // Add a protoype switchpoint for the original name so this gets invalidated if it is ever defined.
+                .addSwitchPoint(getProtoSwitchPoint(name));
     }
 
     /**
@@ -2412,7 +2431,9 @@
                                 func),
                         getProtoSwitchPoints(NO_SUCH_PROPERTY_NAME, find.getOwner()),
                         //TODO this doesn't need a ClassCastException as guard always checks script object
-                        null);
+                        null)
+                        // Add a protoype switchpoint for the original name so this gets invalidated if it is ever defined.
+                        .addSwitchPoint(getProtoSwitchPoint(name));
             }
         }
 
--- a/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/SharedPropertyMap.java	Thu Sep 01 23:20:13 2016 +0000
+++ b/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/SharedPropertyMap.java	Wed Sep 07 22:48:02 2016 +0200
@@ -29,7 +29,7 @@
 
 /**
  * This class represents a property map that can be shared among multiple prototype objects, allowing all inheriting
- * top-level objects to also share one property map. This is class is only used for prototype objects, the
+ * top-level objects to also share one property map. This class is only used for prototype objects, the
  * top-level objects use ordinary {@link PropertyMap}s with the {@link PropertyMap#sharedProtoMap} field
  * set to the expected shared prototype map.
  *
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/script/basic/JDK-8077149.js	Wed Sep 07 22:48:02 2016 +0200
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8077149: __noSuchProperty__ and __noSuchMethod__ invocations are not properly guarded
+ *
+ * @test
+ * @run
+ */
+
+var o = {};
+
+function invoke() {
+    return o._();
+}
+
+Object.prototype.__noSuchProperty__ = function() {
+    return function() { return "no such property" };
+};
+
+Assert.assertEquals(invoke(), "no such property");
+
+Object.prototype.__noSuchMethod__ = function() {
+    return "no such method";
+};
+
+Assert.assertEquals(invoke(), "no such method");
+
+Object.prototype._ = function() {
+    return "underscore method";
+};
+
+Assert.assertEquals(invoke(), "underscore method");