|
3.56 KB,
patch
|
Waldo
:
review+
|
Details | Diff | Splinter Review |
Waldo spotted this by reading the code.
var g = newGlobal('new-compartment');
var dbg = Debugger(g);
dbg.onDebuggerStatement = function (frame) {
try {
frame.arguments[0].deleteProperty("x");
} catch (exc) {
return;
}
throw new Error("deleteProperty should throw");
};
g.eval("function h(x) { debugger; }");
g.eval("h(Proxy.create({delete: function () { throw Error.prototype; }}));");
|
(Assignee) | |
Comment 1•6 years ago
|
||
Created attachment 553206 [details] [diff] [review] v1 Note that this also adds ErrorCopiers to a few other places where we run the risk of causing the debuggee to run.
|
|
(Assignee) | |
Comment 2•6 years ago
|
||
Created attachment 553914 [details] [diff] [review] v2 Same as v1, but actually include the test. Shift review to jwalden since jimb is on vacation.
|
||
Comment 3•6 years ago
|
||
Comment on attachment 553914 [details] [diff] [review] v2 Review of attachment 553914 [details] [diff] [review]: ----------------------------------------------------------------- This is kind of rubberstampy, I don't actually know that you've addressed every place where this has to happen, but it looks plausible. Someone else can find the remaining instances, if there are any.
|
|
(Assignee) | |
Comment 4•6 years ago
|
||
hg.mozilla.org/integration/mozilla-inbound/rev/6bb148047bb5
|
||
Comment 5•6 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/6bb148047bb5
Description
•