Tue, 25 Feb 2014 18:56:10 +0530
8030197: Nashorn: Object.defineProperty() can be lured to change fixed NaN property
Reviewed-by: attila, jlaskey
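--- a/src/jdk/nashorn/internal/objects/AccessorPropertyDescriptor.java Fri Feb 07 18:47:46 2014 +0530
+++ b/src/jdk/nashorn/internal/objects/AccessorPropertyDescriptor.java Tue Feb 25 18:56:10 2014 +0530
@@ -185,6 +185,18 @@
     }
 
     @Override
+    public boolean hasAndEquals(final PropertyDescriptor otherDesc) {
+        if (! (otherDesc instanceof AccessorPropertyDescriptor)) {
+            return false;
+        }
+        final AccessorPropertyDescriptor other = (AccessorPropertyDescriptor)otherDesc;
+        return (!has(CONFIGURABLE) || sameValue(configurable, other.configurable)) &&
+               (!has(ENUMERABLE) || sameValue(enumerable, other.enumerable)) &&
+               (!has(GET) || sameValue(get, other.get)) &&
+               (!has(SET) || sameValue(set, other.set));
+    }
+
+    @Override
     public boolean equals(final Object obj) {
         if (this == obj) {
             return true;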
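Review bot: The clauses in `hasAndEquals` read `other.configurable`, `other.get` and so on without first checking `other.has(...)`, so a field that is absent on `otherDesc` is compared against whatever that field happens to hold instead of being treated as missing. The interface Javadoc says every field of this descriptor "exists in otherDesc", which none of the three implementations enforces: DataPropertyDescriptor follows the same pattern, and GenericPropertyDescriptor skips the comparison when `other` lacks the field. The call in ScriptObject presumably always passes a complete current descriptor, but this result decides whether defineProperty returns early on a fixed property. Each clause would be safer as `(!has(GET) || (other.has(GET) && sameValue(get, other.get)))`, or the Javadoc should state the precondition on `otherDesc`.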
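--- a/src/jdk/nashorn/internal/objects/DataPropertyDescriptor.java Fri Feb 07 18:47:46 2014 +0530
+++ b/src/jdk/nashorn/internal/objects/DataPropertyDescriptor.java Tue Feb 25 18:56:10 2014 +0530
@@ -172,6 +172,19 @@
     }
 
     @Override
+    public boolean hasAndEquals(final PropertyDescriptor otherDesc) {
+        if (! (otherDesc instanceof DataPropertyDescriptor)) {
+            return false;
+        }
+
+        final DataPropertyDescriptor other = (DataPropertyDescriptor)otherDesc;
+        return (!has(CONFIGURABLE) || sameValue(configurable, other.configurable)) &&
+               (!has(ENUMERABLE) || sameValue(enumerable, other.enumerable)) &&
+               (!has(WRITABLE) || sameValue(writable, other.writable)) &&
+               (!has(VALUE) || sameValue(value, other.value));
+    }
+
+    @Override
     public boolean equals(final Object obj) {
         if (this == obj) {
             return true;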
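--- a/src/jdk/nashorn/internal/objects/GenericPropertyDescriptor.java Fri Feb 07 18:47:46 2014 +0530
+++ b/src/jdk/nashorn/internal/objects/GenericPropertyDescriptor.java Tue Feb 25 18:56:10 2014 +0530
@@ -149,6 +149,23 @@
     }
 
     @Override
+    public boolean hasAndEquals(final PropertyDescriptor other) {
+        if (has(CONFIGURABLE) && other.has(CONFIGURABLE)) {
+            if (isConfigurable() != other.isConfigurable()) {
+                return false;
+            }
+        }
+
+        if (has(ENUMERABLE) && other.has(ENUMERABLE)) {
+            if (isEnumerable() != other.isEnumerable()) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    @Override
     public boolean equals(final Object obj) {
         if (this == obj) {
             return true;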
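--- a/src/jdk/nashorn/internal/runtime/PropertyDescriptor.java Fri Feb 07 18:47:46 2014 +0530
+++ b/src/jdk/nashorn/internal/runtime/PropertyDescriptor.java Tue Feb 25 18:56:10 2014 +0530
@@ -151,5 +151,12 @@
      * @return true if property exists in implementor
      */
     public boolean has(Object key);
+
+    /**
+     * Check existence and compare attributes of descriptors.
+     *
+     * @return true if every field of this desc exists in otherDesc and has the same value.
+     */
+    public boolean hasAndEquals(PropertyDescriptor otherDesc);
 }
 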
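Review bot: The new Javadoc on `hasAndEquals` has no `@param` tag and does not say which notion of equality applies. I would add `@param otherDesc the descriptor to compare against` and state that the data and accessor implementations compare with `sameValue`, since that is the difference from `equals` this fix relies on. The check is also one-directional, covering only fields present in this descriptor. Saying so explicitly, for example "fields present only in otherDesc are ignored", would stop callers from swapping receiver and argument.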
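--- a/src/jdk/nashorn/internal/runtime/ScriptObject.java Fri Feb 07 18:47:46 2014 +0530
+++ b/src/jdk/nashorn/internal/runtime/ScriptObject.java Tue Feb 25 18:56:10 2014 +0530
@@ -469,7 +469,7 @@
             return true;
         }
 
-        if (currentDesc.equals(newDesc)) {
+        if (newDesc.hasAndEquals(currentDesc)) {
             // every descriptor field of the new is same as the current
             return true;
         }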
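Review bot: The comment under the new condition does not explain why `hasAndEquals` replaces `equals`, so a later cleanup could switch it back and reopen the bug. I would extend it to something like `// compare only the fields present in newDesc, via sameValue, so a NaN with a different bit pattern counts as unchanged (JDK-8030197)`. The receiver order matters as well: `newDesc.hasAndEquals(currentDesc)` checks the new descriptor's fields against the current one, not the reverse. The enclosing method starts and ends outside the hunk.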
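--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/script/basic/JDK-8030197.js Tue Feb 25 18:56:10 2014 +0530
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+
+/**
+ * JDK-8030197: Nashorn: Object.defineProperty() can be lured to change fixed NaN property
+ *
+ * @test
+ * @run
+ */
+
+function str(n) {
+    var a = new Uint8Array(new Float64Array([n]).buffer);
+    return Array.apply(null, a).reduceRight(
+        function(acc, v){
+            return acc + (v < 10 ? "0" : "") + v.toString(16);
+        }, "");
+}
+
+var o = Object.defineProperty({}, "NaN", { value: NaN })
+var str1 = str(o.NaN);
+Object.defineProperty(o, "NaN", { value: 0/0 })
+var str2 = str(o.NaN);
+if (str1 != str2) {
+    fail("NaN bit pattern changed");
+}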
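Review bot: The zero-padding in `str` tests `v < 10`, but a byte needs a leading zero whenever its hex form is a single digit, which is `v < 16`. Bytes 10 to 15 are emitted as one character, so the dump is not fixed-width and two different bit patterns could in principle render to the same string. Change it to `(v < 16 ? "0" : "")`. The test also covers only a NaN data value. If the accessor and generic `hasAndEquals` paths are meant to be protected by this fix, a second case (for example a fixed `-0` value redefined with `+0`) would cover more of the new code.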