[MERGE chakra-core#2425 @leirocks] pick two proxy bug fix to release/1.4

leirocks · leirocks · commit 0ab7db761bd9 · 2017-01-27T16:35:46.000-08:00
Merge pull request chakra-core#2425 from leirocks:proxyBugFixPort Proxy ownkeys trap needs marshal cheery-picked from: 6d7c7ca need marshal in JavascriptProxy::GetValueFromDescriptor my change chakra-core@6aa7967 revealed this bug cheery-picked from master: 764e978
diff --git a/lib/Runtime/Language/JavascriptOperators.cpp b/lib/Runtime/Language/JavascriptOperators.cpp
@@ -1116,7 +1116,7 @@ namespace Js
         if (JavascriptProxy::Is(instance))
         {
             JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);
-            return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind);
+            return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind, scriptContext);
         }
 
         return JavascriptObject::CreateOwnStringPropertiesHelper(object, scriptContext);
@@ -1130,7 +1130,7 @@ namespace Js
         if (JavascriptProxy::Is(instance))
         {
             JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);
-            return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertySymbolKind);
+            return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertySymbolKind, scriptContext);
         }
 
         return JavascriptObject::CreateOwnSymbolPropertiesHelper(object, scriptContext);
@@ -1143,7 +1143,7 @@ namespace Js
         if (JavascriptProxy::Is(instance))
         {
             JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);
-            return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::KeysKind);
+            return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::KeysKind, scriptContext);
         }
 
         return JavascriptObject::CreateOwnStringSymbolPropertiesHelper(object, scriptContext);
@@ -1156,7 +1156,7 @@ namespace Js
         if (JavascriptProxy::Is(instance))
         {
             JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);
-            JavascriptArray* proxyResult = proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind);
+            JavascriptArray* proxyResult = proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind, scriptContext);
             JavascriptArray* proxyResultToReturn = scriptContext->GetLibrary()->CreateArray(0);
 
             // filter enumerable keys
@@ -1192,7 +1192,7 @@ namespace Js
         if (JavascriptProxy::Is(instance))
         {
             JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);
-            return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::KeysKind);
+            return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::KeysKind, scriptContext);
         }
         return JavascriptObject::CreateOwnEnumerableStringSymbolPropertiesHelper(object, scriptContext);
     }
diff --git a/lib/Runtime/Library/JSON.cpp b/lib/Runtime/Library/JSON.cpp
@@ -603,7 +603,7 @@ namespace JSON
             if (JavascriptProxy::Is(object))
             {
                 JavascriptProxy* proxyObject = JavascriptProxy::FromVar(object);
-                JavascriptArray* proxyResult = proxyObject->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind);
+                JavascriptArray* proxyResult = proxyObject->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind, this->scriptContext);
 
                 // filter enumerable keys
                 uint32 resultLength = proxyResult->GetLength();
diff --git a/lib/Runtime/Library/JavascriptProxy.cpp b/lib/Runtime/Library/JavascriptProxy.cpp
@@ -1870,7 +1870,7 @@ namespace Js
     {
         if (propertyDescriptor.ValueSpecified())
         {
-            return propertyDescriptor.GetValue();
+            return CrossSite::MarshalVar(requestContext, propertyDescriptor.GetValue());
         }
         if (propertyDescriptor.GetterSpecified())
         {
@@ -2120,7 +2120,7 @@ namespace Js
         return trapResult;
     }
 
-    JavascriptArray* JavascriptProxy::PropertyKeysTrap(KeysTrapKind keysTrapKind)
+    JavascriptArray* JavascriptProxy::PropertyKeysTrap(KeysTrapKind keysTrapKind, ScriptContext* requestContext)
     {
         PROBE_STACK(GetScriptContext(), Js::Constants::MinStackDefault);
 
@@ -2149,7 +2149,7 @@ namespace Js
         //6. ReturnIfAbrupt(trap).
         //7. If trap is undefined, then
         //      a. Return target.[[OwnPropertyKeys]]().
-        JavascriptFunction* ownKeysMethod = GetMethodHelper(PropertyIds::ownKeys, scriptContext);
+        JavascriptFunction* ownKeysMethod = GetMethodHelper(PropertyIds::ownKeys, requestContext);
         Assert(!GetScriptContext()->IsHeapEnumInProgress());
 
         JavascriptArray *targetKeys;
diff --git a/lib/Runtime/Library/JavascriptProxy.h b/lib/Runtime/Library/JavascriptProxy.h
@@ -156,7 +156,7 @@ namespace Js
 
         void PropertyIdFromInt(uint32 index, PropertyRecord const** propertyRecord);
 
-        JavascriptArray* PropertyKeysTrap(KeysTrapKind keysTrapKind);
+        JavascriptArray* PropertyKeysTrap(KeysTrapKind keysTrapKind, ScriptContext* requestContext);
 
         template <class Fn>
         void GetOwnPropertyKeysHelper(ScriptContext* scriptContext, RecyclableObject* trapResultArray, uint32 len, JavascriptArray* trapResult,
diff --git a/test/es6/proxy_cctx_bugs.js b/test/es6/proxy_cctx_bugs.js
@@ -51,5 +51,48 @@ function test2() {
   sc9_cctx.test();
 }
 
+function test3() {
+  var obj1 = {};
+  var arrObj0 = {};
+  var x=1
+  var proxyHandler = {};
+  proxyHandler['get'] = function () {};
+  proxyHandler['defineProperty'] = function (target, property, descriptor) {    
+    return Reflect.defineProperty(target, property, descriptor);
+  };
+  proxyHandler['isExtensible'] = function (target) {  
+    arrObj0.prop0;
+    arrObj0 = new Proxy(arrObj0, proxyHandler);
+    return Reflect.isExtensible(target);
+  };
+  arrObj0 = new Proxy(arrObj0, proxyHandler);
+  arrObj0 = new Proxy(arrObj0, proxyHandler);
+  do {
+    var sc3 = WScript.LoadScript('function test(){arrObj0.length = arrObj0[obj1];}', 'samethread');
+    sc3.obj1 = obj1;
+    sc3.arrObj0 = arrObj0;
+    sc3.test();
+  } while (x--);
+}
+
+function test4() {
+  var func3 = function () { };
+  var ary = Array();
+  var proxyHandler = {};
+  var ownkeys = Reflect.ownKeys(ary);
+  proxyHandler['ownKeys'] = function () {
+    func3() == 0;
+    return ownkeys;
+  };
+
+  ary = new Proxy(ary, proxyHandler);
+  var sc2 = WScript.LoadScript('function test(){for (var x in ary);}', 'samethread');
+  sc2.ary = ary;
+  sc2.func3 = func3;
+  sc2.test();
+}
+
 test1();
-test2();
+test2();
+test3();
+test4();

Original file line number	Diff line number	Diff line change
`@@ -1116,7 +1116,7 @@ namespace Js`
`1116`	`1116`	`if (JavascriptProxy::Is(instance))`
`1117`	`1117`	`{`
`1118`	`1118`	`JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);`
`1119`		`- return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind);`
	`1119`	`+ return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind, scriptContext);`
`1120`	`1120`	`}`
`1121`	`1121`
`1122`	`1122`	`return JavascriptObject::CreateOwnStringPropertiesHelper(object, scriptContext);`
`@@ -1130,7 +1130,7 @@ namespace Js`
`1130`	`1130`	`if (JavascriptProxy::Is(instance))`
`1131`	`1131`	`{`
`1132`	`1132`	`JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);`
`1133`		`- return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertySymbolKind);`
	`1133`	`+ return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertySymbolKind, scriptContext);`
`1134`	`1134`	`}`
`1135`	`1135`
`1136`	`1136`	`return JavascriptObject::CreateOwnSymbolPropertiesHelper(object, scriptContext);`
`@@ -1143,7 +1143,7 @@ namespace Js`
`1143`	`1143`	`if (JavascriptProxy::Is(instance))`
`1144`	`1144`	`{`
`1145`	`1145`	`JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);`
`1146`		`- return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::KeysKind);`
	`1146`	`+ return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::KeysKind, scriptContext);`
`1147`	`1147`	`}`
`1148`	`1148`
`1149`	`1149`	`return JavascriptObject::CreateOwnStringSymbolPropertiesHelper(object, scriptContext);`
`@@ -1156,7 +1156,7 @@ namespace Js`
`1156`	`1156`	`if (JavascriptProxy::Is(instance))`
`1157`	`1157`	`{`
`1158`	`1158`	`JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);`
`1159`		`- JavascriptArray* proxyResult = proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind);`
	`1159`	`+ JavascriptArray* proxyResult = proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind, scriptContext);`
`1160`	`1160`	`JavascriptArray* proxyResultToReturn = scriptContext->GetLibrary()->CreateArray(0);`
`1161`	`1161`
`1162`	`1162`	`// filter enumerable keys`
`@@ -1192,7 +1192,7 @@ namespace Js`
`1192`	`1192`	`if (JavascriptProxy::Is(instance))`
`1193`	`1193`	`{`
`1194`	`1194`	`JavascriptProxy* proxy = JavascriptProxy::FromVar(instance);`
`1195`		`- return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::KeysKind);`
	`1195`	`+ return proxy->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::KeysKind, scriptContext);`
`1196`	`1196`	`}`
`1197`	`1197`	`return JavascriptObject::CreateOwnEnumerableStringSymbolPropertiesHelper(object, scriptContext);`
`1198`	`1198`	`}`
Original file line number	Diff line number	Diff line change
`@@ -603,7 +603,7 @@ namespace JSON`
`603`	`603`	`if (JavascriptProxy::Is(object))`
`604`	`604`	`{`
`605`	`605`	`JavascriptProxy* proxyObject = JavascriptProxy::FromVar(object);`
`606`		`- JavascriptArray* proxyResult = proxyObject->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind);`
	`606`	`+ JavascriptArray* proxyResult = proxyObject->PropertyKeysTrap(JavascriptProxy::KeysTrapKind::GetOwnPropertyNamesKind, this->scriptContext);`
`607`	`607`
`608`	`608`	`// filter enumerable keys`
`609`	`609`	`uint32 resultLength = proxyResult->GetLength();`
Original file line number	Diff line number	Diff line change
`@@ -1870,7 +1870,7 @@ namespace Js`
`1870`	`1870`	`{`
`1871`	`1871`	`if (propertyDescriptor.ValueSpecified())`
`1872`	`1872`	`{`
`1873`		`- return propertyDescriptor.GetValue();`
	`1873`	`+ return CrossSite::MarshalVar(requestContext, propertyDescriptor.GetValue());`
`1874`	`1874`	`}`
`1875`	`1875`	`if (propertyDescriptor.GetterSpecified())`
`1876`	`1876`	`{`
`@@ -2120,7 +2120,7 @@ namespace Js`
`2120`	`2120`	`return trapResult;`
`2121`	`2121`	`}`
`2122`	`2122`
`2123`		`- JavascriptArray* JavascriptProxy::PropertyKeysTrap(KeysTrapKind keysTrapKind)`
	`2123`	`+ JavascriptArray* JavascriptProxy::PropertyKeysTrap(KeysTrapKind keysTrapKind, ScriptContext* requestContext)`
`2124`	`2124`	`{`
`2125`	`2125`	`PROBE_STACK(GetScriptContext(), Js::Constants::MinStackDefault);`
`2126`	`2126`
`@@ -2149,7 +2149,7 @@ namespace Js`
`2149`	`2149`	`//6. ReturnIfAbrupt(trap).`
`2150`	`2150`	`//7. If trap is undefined, then`
`2151`	`2151`	`// a. Return target.[[OwnPropertyKeys]]().`
`2152`		`- JavascriptFunction* ownKeysMethod = GetMethodHelper(PropertyIds::ownKeys, scriptContext);`
	`2152`	`+ JavascriptFunction* ownKeysMethod = GetMethodHelper(PropertyIds::ownKeys, requestContext);`
`2153`	`2153`	`Assert(!GetScriptContext()->IsHeapEnumInProgress());`
`2154`	`2154`
`2155`	`2155`	`JavascriptArray *targetKeys;`