From 011e39c9be353279d6eff75cc1d9f518409048a8 Mon Sep 17 00:00:00 2001
From: Ben Creech
Date: Tue, 9 Apr 2024 12:04:54 -0400
Subject: [PATCH] Verify objects before casts
---
 src/v8_py_frontend/object_manipulator.cc | 24 ++++++++++++++++++++++++
 src/v8_py_frontend/promise_attacher.cc | 4 ++++
 2 files changed, 28 insertions(+)
diff --git a/src/v8_py_frontend/object_manipulator.cc b/src/v8_py_frontend/object_manipulator.cc
index ca1b9407..25f7eac5 100644
--- a/src/v8_py_frontend/object_manipulator.cc
+++ b/src/v8_py_frontend/object_manipulator.cc
@@ -31,6 +31,10 @@ auto ObjectManipulator::GetIdentityHash(v8::Isolate* isolate,
   const v8::Context::Scope context_scope(local_context);
   const v8::Local local_obj_val = obj_ptr->ToValue(local_context);
+  if (!local_obj_val->IsObject() && !local_obj_val->IsSymbol()) {
+    return bv_factory_->New("Not an object", type_execute_exception);
+  }
+
   const v8::Local local_obj = local_obj_val.As();
   return bv_factory_->New(static_cast(local_obj->GetIdentityHash()),
@@ -46,6 +50,10 @@ auto ObjectManipulator::GetOwnPropertyNames(v8::Isolate* isolate,
   const v8::Context::Scope context_scope(local_context);
   const v8::Local local_obj_val = obj_ptr->ToValue(local_context);
+  if (!local_obj_val->IsObject() && !local_obj_val->IsSymbol()) {
+    return bv_factory_->New("Not an object", type_execute_exception);
+  }
+
   const v8::Local local_obj = local_obj_val.As();
   const v8::Local names =
@@ -63,6 +71,10 @@ auto ObjectManipulator::Get(v8::Isolate* isolate,
   const v8::Context::Scope context_scope(local_context);
   const v8::Local local_obj_val = obj_ptr->ToValue(local_context);
+  if (!local_obj_val->IsObject() && !local_obj_val->IsSymbol()) {
+    return bv_factory_->New("Not an object", type_execute_exception);
+  }
+
   const v8::Local local_obj = local_obj_val.As();
   const v8::Local local_key = key_ptr->ToValue(local_context);
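Review bot: The guard added at the top of GetIdentityHash (and identically in the GetOwnPropertyNames, Get, Set and Del hunks) still lets a primitive symbol reach `local_obj_val.As<v8::Object>()`: `IsObject()` is false for symbols, so the `!IsSymbol()` clause exempts a value that is not a `v8::Object`, and `Local<T>::As` only validates the cast when V8 is built with `V8_ENABLE_CHECKS`, so in a release build the cast is unchecked and the following `GetIdentityHash()`/`Get`/`Set`/`Delete` runs on a mis-typed handle, which is exactly the class of bug this patch sets out to close. If symbols need no special support here, the check should be just `if (!local_obj_val->IsObject()) {`, matching the Splice hunk. If symbol receivers are intended (presumably so the Python side can hash them), handle them on a separate branch through `local_obj_val.As<v8::Symbol>()` — `v8::Name::GetIdentityHash()` is available on that type — rather than through the object cast, and reject them in Get/Set/Del where a symbol receiver has no meaning. Since the same guard is now repeated six times, a small private helper that returns the checked `v8::Local<v8::Object>` (or the error value) would keep the six call sites from drifting apart the way Splice already has. Each of these functions begins and ends outside its hunk.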
@@ -86,6 +98,10 @@ auto ObjectManipulator::Set(v8::Isolate* isolate,
   const v8::Context::Scope context_scope(local_context);
   const v8::Local local_obj_val = obj_ptr->ToValue(local_context);
+  if (!local_obj_val->IsObject() && !local_obj_val->IsSymbol()) {
+    return bv_factory_->New("Not an object", type_execute_exception);
+  }
+
   const v8::Local local_obj = local_obj_val.As();
   const v8::Local local_key = key_ptr->ToValue(local_context);
   const v8::Local local_value = val_ptr->ToValue(local_context);
@@ -104,6 +120,10 @@ auto ObjectManipulator::Del(v8::Isolate* isolate,
   const v8::Context::Scope context_scope(local_context);
   const v8::Local local_obj_val = obj_ptr->ToValue(local_context);
+  if (!local_obj_val->IsObject() && !local_obj_val->IsSymbol()) {
+    return bv_factory_->New("Not an object", type_execute_exception);
+  }
+
   const v8::Local local_obj = local_obj_val.As();
   const v8::Local local_key = key_ptr->ToValue(local_context);
@@ -126,6 +146,10 @@ auto ObjectManipulator::Splice(v8::Isolate* isolate,
   const v8::Context::Scope context_scope(local_context);
   const v8::Local local_obj_val = obj_ptr->ToValue(local_context);
+  if (!local_obj_val->IsObject()) {
+    return bv_factory_->New("Not an object", type_execute_exception);
+  }
+
   const v8::Local local_obj = local_obj_val.As();
   // Array.prototype.splice doesn't exist in C++ in V8. We have to find the JS
diff --git a/src/v8_py_frontend/promise_attacher.cc b/src/v8_py_frontend/promise_attacher.cc
index 9827cb7b..96b45788 100644
--- a/src/v8_py_frontend/promise_attacher.cc
+++ b/src/v8_py_frontend/promise_attacher.cc
@@ -33,6 +33,10 @@ auto PromiseAttacher::AttachPromiseThen(v8::Isolate* isolate,
   const v8::Local local_promise_val = promise_ptr->ToValue(local_context);
+  if (!local_promise_val->IsPromise()) {
+    return bv_factory_->New("Not a promise", type_execute_exception);
+  }
+
   const v8::Local local_promise = local_promise_val.As();