diff options
author | kalman@chromium.org <kalman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-06-10 14:20:41 +0000 |
---|---|---|
committer | kalman@chromium.org <kalman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-06-10 14:20:41 +0000 |
commit | 195487fc27da171fc6a7420991d947033d33ebf0 (patch) | |
tree | c6628640bfab88fa67553e763190b47cc8dfe83a /content/renderer/v8_value_converter_impl_unittest.cc | |
parent | 5a730cc079afbaf81f59c529da08d90c75210c13 (diff) | |
download | chromium_src-195487fc27da171fc6a7420991d947033d33ebf0.zip chromium_src-195487fc27da171fc6a7420991d947033d33ebf0.tar.gz chromium_src-195487fc27da171fc6a7420991d947033d33ebf0.tar.bz2 |
Revert 205184 "Revert 204057 "Recurse to a maximum depth of 10 i..."
> Revert 204057 "Recurse to a maximum depth of 10 in v8_value_conv..."
>
> The commit caused crbug.com/248019.
>
> > Recurse to a maximum depth of 10 in v8_value_converter_impl.cc. There are
> > objects that get passed in (canonically <input> elements apparently) which
> > recurse infinitely (as opposed to having a self-referential loop).
> >
> > The previous solution to this problem (r150035) was to disable getters, which
> > apparently were the main cause, but this is no longer appropriate - we now use
> > this mechanism for all extension messaging, and this has become a problem (see
> > bug 246213).
> >
> > TBR=jamesr@chromium.org, mpcomplete@chromium.org
> >
> > BUG=246213,139933
> >
> > Review URL: https://codereview.chromium.org/16295013
>
> TBR=kalman@chromium.org
>
> Review URL: https://codereview.chromium.org/16733002
TBR=marja@chromium.org
Review URL: https://codereview.chromium.org/16511004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@205209 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/renderer/v8_value_converter_impl_unittest.cc')
-rw-r--r-- | content/renderer/v8_value_converter_impl_unittest.cc | 79 |
1 files changed, 36 insertions, 43 deletions
diff --git a/content/renderer/v8_value_converter_impl_unittest.cc b/content/renderer/v8_value_converter_impl_unittest.cc index 2071b7e..a5ce247 100644 --- a/content/renderer/v8_value_converter_impl_unittest.cc +++ b/content/renderer/v8_value_converter_impl_unittest.cc @@ -447,49 +447,6 @@ TEST_F(V8ValueConverterImplTest, RecursiveObjects) { EXPECT_TRUE(IsNull(list_result.get(), 1)); } -// Do not try and convert any named callbacks including getters. -TEST_F(V8ValueConverterImplTest, ObjectGetters) { - v8::Context::Scope context_scope(context_); - v8::HandleScope handle_scope; - - const char* source = "(function() {" - "var a = {};" - "a.__defineGetter__('foo', function() { return 'bar'; });" - "return a;" - "})();"; - - v8::Handle<v8::Script> script(v8::Script::New(v8::String::New(source))); - v8::Handle<v8::Object> object = script->Run().As<v8::Object>(); - ASSERT_FALSE(object.IsEmpty()); - - V8ValueConverterImpl converter; - scoped_ptr<base::DictionaryValue> result( - static_cast<base::DictionaryValue*>( - converter.FromV8Value(object, context_))); - ASSERT_TRUE(result.get()); - EXPECT_EQ(0u, result->size()); -} - -// Do not try and convert any named callbacks including getters. -TEST_F(V8ValueConverterImplTest, ObjectWithInternalFieldsGetters) { - v8::Context::Scope context_scope(context_); - v8::HandleScope handle_scope; - - v8::Handle<v8::ObjectTemplate> object_template = v8::ObjectTemplate::New(); - object_template->SetInternalFieldCount(1); - object_template->SetAccessor(v8::String::New("foo"), NamedCallbackGetter); - v8::Handle<v8::Object> object = object_template->NewInstance(); - ASSERT_FALSE(object.IsEmpty()); - object->Set(v8::String::New("a"), v8::String::New("b")); - - V8ValueConverterImpl converter; - scoped_ptr<base::DictionaryValue> result( - static_cast<base::DictionaryValue*>( - converter.FromV8Value(object, context_))); - ASSERT_TRUE(result.get()); - EXPECT_EQ(1u, result->size()); -} - TEST_F(V8ValueConverterImplTest, WeirdProperties) { v8::Context::Scope context_scope(context_); v8::HandleScope handle_scope; @@ -650,4 +607,40 @@ TEST_F(V8ValueConverterImplTest, DetectCycles) { EXPECT_TRUE(expected_dictionary.Equals(actual_dictionary.get())); } +TEST_F(V8ValueConverterImplTest, MaxRecursionDepth) { + v8::Context::Scope context_scope(context_); + v8::HandleScope handle_scope; + + // Must larger than kMaxRecursionDepth in v8_value_converter_impl.cc. + int kDepth = 100; + const char kKey[] = "key"; + + v8::Local<v8::Object> deep_object = v8::Object::New(); + + v8::Local<v8::Object> leaf = deep_object; + for (int i = 0; i < kDepth; ++i) { + v8::Local<v8::Object> new_object = v8::Object::New(); + leaf->Set(v8::String::New(kKey), new_object); + leaf = new_object; + } + + V8ValueConverterImpl converter; + scoped_ptr<base::Value> value(converter.FromV8Value(deep_object, context_)); + ASSERT_TRUE(value); + + // Expected depth is kMaxRecursionDepth in v8_value_converter_impl.cc. + int kExpectedDepth = 10; + + base::Value* current = value.get(); + for (int i = 1; i < kExpectedDepth; ++i) { + base::DictionaryValue* current_as_object = NULL; + ASSERT_TRUE(current->GetAsDictionary(¤t_as_object)) << i; + ASSERT_TRUE(current_as_object->Get(kKey, ¤t)) << i; + } + + // The leaf node shouldn't have any properties. + base::DictionaryValue empty; + EXPECT_TRUE(Value::Equals(&empty, current)) << *current; +} + } // namespace content |