-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not copy value onto vm sandbox in strict mode #7908
Conversation
const ctx = vm.createContext(); | ||
|
||
vm.runInContext('w = 1;', ctx); | ||
assert.equal(1, ctx.w); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: use assert.strictEqual
wherever it makes sense
bool is_contextual_store = ctx->global_proxy() != args.This(); | ||
|
||
bool set_property_will_throw = args.ShouldThrowOnError() | ||
&& !is_declared.FromJust() && is_contextual_store; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor nit: the readability of this expression would be better if the FromJust
were to be done above as part of the definition of is_declared
.
Failed on Windows:
I guess that's unrelated to the change? |
Another attempt: https://ci.nodejs.org/job/node-test-pull-request/3448/ |
LGTM, but it would be good to get @hashseed and @bnoordhuis to sign-off as well. The arm64 buildbot seems to have run infrastructure issues (it passed in the earlier build). I would consider the CI to be green. |
LGTM. As discussed, this hinges on getting the prediction right. However, since that part is specified in ECMA262, I think it won't change anytime soon. |
bool is_contextual_store = ctx->global_proxy() != args.This(); | ||
|
||
bool set_property_will_throw = args.ShouldThrowOnError() | ||
&& !is_declared && is_contextual_store; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Style nit: &&
should go on previous line. I'd write it as:
bool set_property_will_throw =
args.ShouldThrowOnError() &&
!is_declared &&
is_contextual_store;
LGTM with some style nits. |
const vm = require('vm'); | ||
const ctx = vm.createContext(); | ||
|
||
vm.runInContext('w = 1;', ctx); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor nit... would you mind adding a short comment here about what precisely this test is verifying? ... just to make it easier for other devs who are looking at this test in the future.
LGTM with a nit. |
b560a65
to
ba84d34
Compare
In vm, the setter interceptor should not copy a value onto the sandbox, if setting it on the global object will fail. It will fail if we are in strict mode and set a value without declaring it. Fixes nodejs#5344
Style nits addressed and added a comment explaining the tests. |
LGTM. Another CI run after changes: https://ci.nodejs.org/job/node-test-pull-request/3481/ |
LGTM with the changes! Thank you! |
Build bot failure on Windows on the last CI run... trying again: https://ci.nodejs.org/job/node-test-pull-request/3486/ |
More buildbot failures. Let's try again. CI: https://ci.nodejs.org/job/node-test-pull-request/3495/ |
Green. Thanks! |
In vm, the setter interceptor should not copy a value onto the sandbox, if setting it on the global object will fail. It will fail if we are in strict mode and set a value without declaring it. Fixes: #5344 PR-URL: #7908 Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Landed in 588ee22! Thank you! |
This might be good a good candidate backport to 6.x and possibly 4.x (if the issue is present there). |
In vm, the setter interceptor should not copy a value onto the sandbox, if setting it on the global object will fail. It will fail if we are in strict mode and set a value without declaring it. Fixes: #5344 PR-URL: #7908 Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@fhinkel it would appear that this problem exists on v4.x but Would you be able to backport? |
Sounds like the API version is too old, I don't think we can easily backport :( |
@fhinkel do you think that this bug is bad enough to come up with another solution, or should we just let it be? |
Let it be. That's fine. |
Checklist
make -j4 test
(UNIX)Affected core subsystem(s)
src
Description of change
In vm, the setter interceptor should not copy a value onto the sandbox, if setting on
the global object will fail because we are in strict mode and the variable is not declared.
Fixes #5344
/cc @bnoordhuis @hashseed @ofrobots