'[PECL-CVS] com pecl/languages/v8js: Reject V8Function passback to wrong isolate, closes #116: =?UTF-'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pecl-cvs
Subject:    [PECL-CVS] com pecl/languages/v8js: Reject V8Function passback to wrong isolate, closes #116: =?UTF-
From:       Stefan Siegl <stesie () php ! net>
Date:       2014-10-31 23:35:28
Message-ID: php-mail-15b51db3822d33c8a93819c3edb55dbf750769174 () git ! php ! net
[Download RAW message or body]

Commit:    8d8aed1e726a237da7855b16a7aa98701527e306
Author:    Stefan Siegl <stesie@brokenpipe.de>         Fri, 31 Oct 2014 23:22:40 \
                +0000
Parents:   3145ea03230bf3fbb1f9e8d103fc33406c19d88d
Branches:  master

Link:       http://git.php.net/?p=pecl/languages/v8js.git;a=commitdiff;h=8d8aed1e726a237da7855b16a7aa98701527e306


Log:
Reject V8Function passback to wrong isolate, closes #116

Bugs:
https://bugs.php.net/116

Changed paths:
  A  tests/issue_116-v8function-injection.phpt
  M  v8js_convert.cc


Diff:
diff --git a/tests/issue_116-v8function-injection.phpt \
b/tests/issue_116-v8function-injection.phpt new file mode 100644
index 0000000..31cb56c
--- /dev/null
+++ b/tests/issue_116-v8function-injection.phpt
@@ -0,0 +1,47 @@
+--TEST--
+Test V8::executeString() : Issue #116 V8Function injection into other V8Js
+--SKIPIF--
+<?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
+--FILE--
+<?php
+$a = new V8Js();
+$b = new V8Js();
+
+$a->name = 'A';
+$b->name = 'B';
+
+$a->b = $b;
+$a->executeString('PHP.b.test = function() { print("Hallo from within " + PHP.name + \
".\\n"); };'); +
+// in PHP we see the property
+var_dump($b->test);
+
+// we see (and can call) the function object in instance A
+print("in A:\n");
+$a->executeString('PHP.b.test();');
+
+// in B the function object is not available
+print("in B:\n");
+$b->executeString('print(typeof PHP.b + "\\n");');
+
+try {
+	$b->executeString('PHP.test();');
+}
+catch(Exception $e) {
+	var_dump($e->getMessage());
+}
+
+unset($a);
+unset($b);
+?>
+===EOF===
+--EXPECTF--
+Warning: V8Js::executeString(): V8Function object passed to wrong V8Js instance in \
%s on line %d +object(V8Function)#%d (0) {
+}
+in A:
+Hallo from within A.
+in B:
+undefined
+string(%d) "V8Js::compileString():1: TypeError: %s is not a function"
+===EOF===
diff --git a/v8js_convert.cc b/v8js_convert.cc
index 92214b4..5eec007 100644
--- a/v8js_convert.cc
+++ b/v8js_convert.cc
@@ -889,8 +889,13 @@ static v8::Handle<v8::Value> php_v8js_hash_to_jsobj(zval *value, \
v8::Isolate *is  /* Object methods */
 	if (ce == php_ce_v8_function) {
 		php_v8js_object *c = (php_v8js_object *) zend_object_store_get_object(value \
                TSRMLS_CC);
-		v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, c->v8obj);
 
+		if(isolate != c->ctx->isolate) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "V8Function object passed to wrong \
V8Js instance"); +			return V8JS_NULL;
+		}
+
+		v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, c->v8obj);
 		return v8obj;
 	} else if (ce) {
 		php_v8js_ctx *ctx = (php_v8js_ctx *) isolate->GetData(0);


--
PECL CVS Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic