Source/bindings/v8/DOMDataStore.h - Issue 14623025: Revert "Revert "Replace ScriptWrappable pointer masking with back-pointer check in DOMDataStore.""

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/bindings/v8/DOMDataStore.h

Issue 14623025: Revert "Revert "Replace ScriptWrappable pointer masking with back-pointer check in DOMDataStore."" (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Created 7 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: Source/bindings/v8/DOMDataStore.h

diff --git a/Source/bindings/v8/DOMDataStore.h b/Source/bindings/v8/DOMDataStore.h

index 46f56c9603de9159a5fc2bb92f681d19dc6a7951..2d1d7b16a3873ce0c5d61a853dfd2593d0b3b290 100644

--- a/Source/bindings/v8/DOMDataStore.h

+++ b/Source/bindings/v8/DOMDataStore.h

@@ -61,8 +61,12 @@ public:

// way is to check whether the wrappable's wrapper is the same as

// the holder.

if ((!DOMWrapperWorld::isolatedWorldsExist() && !canExistInWorker(object)) || holderContainsWrapper(container, holder)) {

- if (ScriptWrappable::wrapperCanBeStoredInObject(object))

- return ScriptWrappable::getUnsafeWrapperFromObject(object).handle();

+ if (ScriptWrappable::wrapperCanBeStoredInObject(object)) {

+ v8::Handle<v8::Object> result = ScriptWrappable::getUnsafeWrapperFromObject(object).handle();

+ // Security: always guard against malicious tampering.

+ RELEASE_ASSERT(result.IsEmpty() || result->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex) == static_cast<void*>(object));

+ return result;

+ }

return mainWorldStore()->m_wrapperMap.get(object);

}

return current(container.GetIsolate())->get(object);

@@ -72,8 +76,12 @@ public:

static v8::Handle<v8::Object> getWrapper(T* object, v8::Isolate* isolate)

{

if (ScriptWrappable::wrapperCanBeStoredInObject(object) && !canExistInWorker(object)) {

- if (LIKELY(!DOMWrapperWorld::isolatedWorldsExist()))

- return ScriptWrappable::getUnsafeWrapperFromObject(object).handle();

+ if (LIKELY(!DOMWrapperWorld::isolatedWorldsExist())) {

+ v8::Handle<v8::Object> result = ScriptWrappable::getUnsafeWrapperFromObject(object).handle();

+ // Security: always guard against malicious tampering.

+ RELEASE_ASSERT(result.IsEmpty() || result->GetAlignedPointerFromInternalField(v8DOMWrapperObjectIndex) == static_cast<void*>(object));

+ return result;

+ }

}

return current(isolate)->get(object);

}

« no previous file with comments | « no previous file | Source/bindings/v8/ScriptWrappable.h » ('j') | no next file with comments »