Closed Bug 1325606 Opened 3 years ago Closed 3 years ago

Legacy .caller allows to access the internal generator function of async functions

Categories

(Core :: JavaScript Engine, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla53
Tracking Status
firefox53 --- fixed

People

(Reporter: anba, Assigned: arai)

References

Details

Attachments

(1 file)

Test case:
---
(async function f() {
    var inner = (function g() { return g.caller })();
    print(inner === f);
})();
---

Expected: Prints "true"
Actual: Prints "false"
Thanks.

Changed CallerGetterImpl to get wrapped async function if unwrapped async function is on the call stack.
also added a code to unwrap the wrapped async function when checking strictness.
(there 2 kind of "wrap"s are done, one for compartment, one for async... :P

CallerSetterImpl also has similar code, but it uses the function only to check access and strictness, so no need to get wrapped async function there.
Assignee: nobody → arai.unmht
Status: NEW → ASSIGNED
Attachment #8821552 - Flags: review?(jwalden+bmo)
Comment on attachment 8821552 [details] [diff] [review]
Return wrapped async function from caller property.

Review of attachment 8821552 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jsfun.cpp
@@ +356,5 @@
>  
>      RootedObject caller(cx, iter.callee(cx));
> +    // No need to handle unwrapped async function here, since we only check
> +    // access and strictness, both can be checked without getting wrapped
> +    // async function.

This is sort of a run-on sentence, and it wants something like a/an/the before "wrapped".  How about:

    // |caller| is only used for security access-checking and for its
    // strictness.  An unwrapped async function has its wrapped async
    // function's security access and strictness, so don't bother calling
    // |GetUnwrappedAsyncFunction|.
Attachment #8821552 - Flags: review?(jwalden+bmo) → review+
Incidentally, it would be nice if the async-function accessor functions had any docs at all.  I could handwave the meaning fairly easily, but not as easily as if AsyncFunction.h explained what they did.
https://hg.mozilla.org/integration/mozilla-inbound/rev/7fe7e01ef361d56091d288bb78c5df47a3ea8358
Bug 1325606 - Return wrapped async function from caller property. r=jwalden
See Also: → 1328820
https://hg.mozilla.org/mozilla-central/rev/7fe7e01ef361
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
You need to log in before you can comment on or make changes to this bug.