From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- .../fields/private-field-symbol-debugger-access.js | 37 ++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 js/src/jit-test/tests/fields/private-field-symbol-debugger-access.js (limited to 'js/src/jit-test/tests/fields/private-field-symbol-debugger-access.js') diff --git a/js/src/jit-test/tests/fields/private-field-symbol-debugger-access.js b/js/src/jit-test/tests/fields/private-field-symbol-debugger-access.js new file mode 100644 index 0000000000..cd960a3be1 --- /dev/null +++ b/js/src/jit-test/tests/fields/private-field-symbol-debugger-access.js @@ -0,0 +1,37 @@ +// Make a new global to debug +const global = newGlobal({ newCompartment: true }); + +// Create an object in that global with a private field. +global.eval("\nclass MyClass {\n #privateProperty1\n }\nobj = new MyClass();"); + +// Debug said global. +const debug = Debugger(); +const globalDebugObject = debug.addDebuggee(global); + +// Leak the private name symbol backing the private field. +var otherGlobalObj = globalDebugObject.getOwnPropertyDescriptor("obj").value +var privateSymbol = otherGlobalObj.getOwnPrivateProperties()[0] + +// Create a different proxy. +var p = new Proxy({}, {}); + +// Try to look up the leaked private symbol on the new proxy. +// This crashes, as it violates the assumption baked into the proxy code +// that all accesses are scripted, and thus creation and symbol management +// invariants are correctly observed. +fail = false; +try { + p[privateSymbol] = 1; + fail = true; +} catch (e) { + assertEq(e instanceof TypeError, true); +} +assertEq(fail, false); + +try { + p[privateSymbol]; + fail = true; +} catch (e) { + assertEq(e instanceof TypeError, true); +} +assertEq(fail, false); -- cgit v1.2.3