
Side by Side Diff: src/inspector/v8-console-message.cc

Issue 2436783003: [inspector] fix UAF in another part of console code (Closed)
Patch Set: Created 4 years, 2 months ago
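--- a/src/inspector/v8-console-message.cc
+++ b/src/inspector/v8-console-message.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/inspector/v8-console-message.h"
 
 #include "src/inspector/inspected-context.h"
 #include "src/inspector/protocol/Protocol.h"
 #include "src/inspector/string-util.h"
 #include "src/inspector/v8-console-agent-impl.h"
@@ -222,87 +222,99 @@
 .build();
 result->setLine(static_cast<int>(m_lineNumber));
 result->setColumn(static_cast<int>(m_columnNumber));
 result->setUrl(m_url);
 frontend->messageAdded(std::move(result));
 }
 
 std::unique_ptr<protocol::Array<protocol::Runtime::RemoteObject>>
 V8ConsoleMessage::wrapArguments(V8InspectorSessionImpl* session,
 bool generatePreview) const {
-if (!m_arguments.size() || !m_contextId) return nullptr;
+V8InspectorImpl* inspector = session->inspector();
+int contextGroupId = session->contextGroupId();
+int contextId = m_contextId;
+if (!m_arguments.size() || !contextId) return nullptr;
 InspectedContext* inspectedContext =
-session->inspector()->getContext(session->contextGroupId(), m_contextId);
+inspector->getContext(contextGroupId, contextId);
 if (!inspectedContext) return nullptr;
 
 v8::Isolate* isolate = inspectedContext->isolate();
 v8::HandleScope handles(isolate);
 v8::Local<v8::Context> context = inspectedContext->context();
 
 std::unique_ptr<protocol::Array<protocol::Runtime::RemoteObject>> args =
 protocol::Array<protocol::Runtime::RemoteObject>::create();
 if (m_type == ConsoleAPIType::kTable && generatePreview) {
 v8::Local<v8::Value> table = m_arguments[0]->Get(isolate);
 v8::Local<v8::Value> columns = m_arguments.size() > 1
 ? m_arguments[1]->Get(isolate)
 : v8::Local<v8::Value>();
 std::unique_ptr<protocol::Runtime::RemoteObject> wrapped =
 session->wrapTable(context, table, columns);
+inspectedContext = inspector->getContext(contextGroupId, contextId);
+if (!inspectedContext) return nullptr;
 if (wrapped)
 args->addItem(std::move(wrapped));
 else
 args = nullptr;
 } else {
 for (size_t i = 0; i < m_arguments.size(); ++i) {
 std::unique_ptr<protocol::Runtime::RemoteObject> wrapped =
 session->wrapObject(context, m_arguments[i]->Get(isolate), "console",
 generatePreview);
+inspectedContext = inspector->getContext(contextGroupId, contextId);
+if (!inspectedContext) return nullptr;
 if (!wrapped) {
 args = nullptr;
 break;
 }
 args->addItem(std::move(wrapped));
 }
 }
 return args;
 }
 
 void V8ConsoleMessage::reportToFrontend(protocol::Runtime::Frontend* frontend,
 V8InspectorSessionImpl* session,
 bool generatePreview) const {
+int contextGroupId = session->contextGroupId();
+V8InspectorImpl* inspector = session->inspector();
+
 if (m_origin == V8MessageOrigin::kException) {
 std::unique_ptr<protocol::Runtime::RemoteObject> exception =
 wrapException(session, generatePreview);
+if (!inspector->hasConsoleMessageStorage(contextGroupId)) return;
 std::unique_ptr<protocol::Runtime::ExceptionDetails> exceptionDetails =
 protocol::Runtime::ExceptionDetails::create()
 .setExceptionId(m_exceptionId)
 .setText(exception ? m_message : m_detailedMessage)
 .setLineNumber(m_lineNumber ? m_lineNumber - 1 : 0)
 .setColumnNumber(m_columnNumber ? m_columnNumber - 1 : 0)
 .build();
 if (m_scriptId)
 exceptionDetails->setScriptId(String16::fromInteger(m_scriptId));
 if (!m_url.isEmpty()) exceptionDetails->setUrl(m_url);
 if (m_stackTrace)
 exceptionDetails->setStackTrace(m_stackTrace->buildInspectorObjectImpl());
 if (m_contextId) exceptionDetails->setExecutionContextId(m_contextId);
 if (exception) exceptionDetails->setException(std::move(exception));
 frontend->exceptionThrown(m_timestamp, std::move(exceptionDetails));
 return;
 }
 if (m_origin == V8MessageOrigin::kRevokedException) {
 frontend->exceptionRevoked(m_message, m_revokedExceptionId);
 return;
 }
 if (m_origin == V8MessageOrigin::kConsole) {
 std::unique_ptr<protocol::Array<protocol::Runtime::RemoteObject>>
 arguments = wrapArguments(session, generatePreview);
+if (!inspector->hasConsoleMessageStorage(contextGroupId)) return;
 if (!arguments) {
 arguments = protocol::Array<protocol::Runtime::RemoteObject>::create();
 if (!m_message.isEmpty()) {
 std::unique_ptr<protocol::Runtime::RemoteObject> messageArg =
 protocol::Runtime::RemoteObject::create()
 .setType(protocol::Runtime::RemoteObject::TypeEnum::String)
 .build();
 messageArg->setValue(protocol::StringValue::create(m_message));
 arguments->addItem(std::move(messageArg));
 }
@@ -464,10 +476,10 @@
 m_inspector->sessionForContextGroup(m_contextGroupId))
 session->releaseObjectGroup("console");
 }
 
 void V8ConsoleMessageStorage::contextDestroyed(int contextId) {
 for (size_t i = 0; i < m_messages.size(); ++i)
 m_messages[i]->contextDestroyed(contextId);
 }
 
 } // namespace v8_inspector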
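Review bot: In wrapArguments the guard added after `session->wrapObject(...)` only proves the InspectedContext still exists, yet the next loop iteration dereferences `session` and `m_arguments` again. If whatever destroys the context during wrapping can also drop the session or this message while the context survives, those reads still hit freed memory; the lines shown cannot rule this out, so the ownership chain is worth confirming. The same question applies in reportToFrontend, where `hasConsoleMessageStorage(contextGroupId)` shows that the storage exists but not that this message is still held by it before `m_message`, `m_url` and the other members are read. The guards also need a why-comment, for example `// The wrap call above may destroy the context (issue 2436783003); re-validate before touching members.` Because the re-fetched pointer is never used afterwards, the guard can be written as `if (!inspector->getContext(contextGroupId, contextId)) return nullptr;`.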