Bug 1394496 - Evaluate's envChainObject should throw if passed a global. r=tcampbell draft
authorAndrew McCreight <continuation@gmail.com>
Tue, 05 Sep 2017 13:40:01 -0700
changeset 659298 97ba9ba5f9f1308526f3ae5775f6d0e98b48e564
parent 659297 4a71fb8f01dc4623fbd0a372cf1d60667c1b5883
child 729958 24da172b1dd5f2bce19aaf66393cfd07c68d80b8
push id78096
push userbmo:continuation@gmail.com
push dateTue, 05 Sep 2017 20:41:30 +0000
reviewerstcampbell
bugs1394496
milestone57.0a1
Bug 1394496 - Evaluate's envChainObject should throw if passed a global. r=tcampbell MozReview-Commit-ID: 7PBHQkvJigD
js/src/shell/js.cpp
js/src/tests/js1_8_5/extensions/non_syntactic.js
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -1591,25 +1591,26 @@ Evaluate(JSContext* cx, unsigned argc, V
         if (!JS_GetProperty(cx, opts, "envChainObject", &v))
             return false;
         if (!v.isUndefined()) {
             if (loadBytecode) {
                 JS_ReportErrorASCII(cx, "Can't use both loadBytecode and envChainObject");
                 return false;
             }
 
-            if (v.isObject()) {
-                if (!envChain.append(&v.toObject())) {
-                    JS_ReportOutOfMemory(cx);
-                    return false;
-                }
-            } else {
+            if (!v.isObject()) {
                 JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_UNEXPECTED_TYPE,
                                           "\"envChainObject\" passed to evaluate()", "not an object");
                 return false;
+            } else if (v.toObject().is<GlobalObject>()) {
+                JS_ReportErrorASCII(cx, "\"envChainObject\" passed to evaluate() should not be a global");
+                return false;
+            } else if (!envChain.append(&v.toObject())) {
+                JS_ReportOutOfMemory(cx);
+                return false;
             }
         }
 
         // We cannot load or save the bytecode if we have no object where the
         // bytecode cache is stored.
         if (loadBytecode || saveBytecode || saveIncrementalBytecode) {
             if (!cacheEntry) {
                 JS_ReportErrorNumberASCII(cx, my_GetErrorMessage, nullptr, JSSMSG_INVALID_ARGS,
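Review bot: The new global check and the `envChain.append` call are chained as `else if` after branches that already `return false`, so three independent guards read as if they were alternatives. Writing them as separate statements, `if (v.toObject().is<GlobalObject>()) {` followed by `if (!envChain.append(&v.toObject())) {`, keeps each rejection distinct. A one-line comment above the global check saying why a global is refused on the environment chain would help, since the reason is only recorded in the bug. The check inspects the object itself, so a wrapper around another compartment's global would presumably not match `is<GlobalObject>()`; it is worth confirming that case is safe. Evaluate's body starts and ends outside the hunk.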
--- a/js/src/tests/js1_8_5/extensions/non_syntactic.js
+++ b/js/src/tests/js1_8_5/extensions/non_syntactic.js
@@ -28,9 +28,19 @@ evaluate("assertEq(someVar, 2);", evalOp
 evaluate("assertEq(this.someVar, 2);", evalOpt);
 evaluate("assertEq(this, alsoSomeObject);", evalOpt);
 
 // With an object on the scope, inside a function.
 evaluate("(function() { assertEq(someVar, 2);})()", evalOpt);
 evaluate("(function() { assertEq(this !== alsoSomeObject, true);})()", evalOpt);
 evaluate("(function() { assertEq(this.someVar, 1);})()", evalOpt);
 
+var globalEvalOpt = {
+    envChainObject: this
+};
+try {
+  evaluate("assertEq(someVar, 1);", globalEvalOpt);
+  throw new Error("Globals aren't allowed as a envChainObject argument to evaluate");
+} catch (e) {
+}
+
+
 reportCompare(true, true);
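Review bot: This test cannot fail, because the `throw new Error(...)` after the `evaluate` call sits inside the `try` and the empty `catch (e) {}` swallows it. The script therefore reaches `reportCompare(true, true)` whether or not evaluate() rejected the global. Record the outcome outside the try instead: declare `var threw = false;` before it, set `threw = true;` in the catch, and follow the block with `assertEq(threw, true);`. Checking the caught error's message for the new "should not be a global" text would also stop an unrelated failure, such as the inner `assertEq(someVar, 1)`, from satisfying the test.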