
Commit 0ba5cc4

3zrvaduh95
authored andcommitted
src: fix crash when reading length on Storage.prototype
Signed-off-by: Mohamed Sayed <k@3zrv.com> PR-URL: #63529 Fixes: #63514 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
1 parent 73295d5 commit 0ba5cc4

2 files changed

Lines changed: 26 additions & 2 deletions


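--- a/src/node_webstorage.cc
+++ b/src/node_webstorage.cc
@@ -43,6 +43,7 @@ using v8::PropertyAttribute;
 using v8::PropertyCallbackInfo;
 using v8::PropertyDescriptor;
 using v8::PropertyHandlerFlags;
+using v8::Signature;
 using v8::String;
 using v8::Value;
 
@@ -737,8 +738,9 @@ static void Initialize(Local<Object> target,
 Local<Value>(),
 PropertyHandlerFlags::kHasNoSideEffect));
 
-Local<FunctionTemplate> length_getter =
-FunctionTemplate::New(isolate, StorageLengthGetter);
+Local<Signature> length_signature = Signature::New(isolate, ctor_tmpl);
+Local<FunctionTemplate> length_getter = FunctionTemplate::New(
+isolate, StorageLengthGetter, Local<Value>(), length_signature);
 ctor_tmpl->PrototypeTemplate()->SetAccessorProperty(env->length_string(),
 length_getter,
 Local<FunctionTemplate>(),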
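Review bot: The new `length_signature` is what stops `StorageLengthGetter` from running on a receiver that is not a real Storage object, yet nothing at the call site records that, so a later cleanup could drop the fourth argument and bring the crash back. A one-line comment above `Signature::New(isolate, ctor_tmpl)` would document the intent, for example `// Signature: V8 throws TypeError unless the receiver was created from ctor_tmpl, so the getter never sees a foreign object.` The body of `StorageLengthGetter` is not in this hunk, so whether it also validates its receiver cannot be confirmed here. If it does not, any other accessor or callback on the prototype registered without a signature deserves the same check. `Initialize` starts and ends outside the hunk.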

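--- a/test/parallel/test-webstorage.js
+++ b/test/parallel/test-webstorage.js
@@ -51,6 +51,28 @@ test('Storage instances cannot be created in userland', async () => {
 assert.match(cp.stderr, /Error: Illegal constructor/);
 });
 
+test('calling "length" getter on invalid this throws', async () => {
+const cp = await spawnPromisified(process.execPath, [
+'--no-warnings',
+'--experimental-webstorage', '-e', `(${function() {
+// eslint-disable-next-line node-core/must-call-assert
+assert.throws(() => Storage.prototype.length, TypeError);
+const { get } = Object.getOwnPropertyDescriptor(Storage.prototype, 'length');
+for (const thisArg of [null, undefined, 1n, -0, NaN, true, false, '', [], {}, Symbol()]) {
+// eslint-disable-next-line node-core/must-call-assert
+assert.throws(() => get.call(thisArg), TypeError);
+}
+}})();`,
+]);
+
+assert.deepStrictEqual(cp, {
+code: 0,
+signal: null,
+stdout: '',
+stderr: '',
+});
+});
+
 test('sessionStorage is not persisted', async () => {
 let cp = await spawnPromisified(process.execPath, [
 '--experimental-webstorage', '-pe', 'sessionStorage.foo = "barbaz"',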
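Review bot: The `thisArg` list in the new test covers primitives, `[]` and `{}`, but not an object that inherits from `Storage.prototype` without being a real Storage instance. That receiver passes `instanceof Storage` and is the one most likely to slip past a weaker brand check if the native signature is ever replaced. Adding `Object.create(Storage.prototype)` to the array would pin that the getter rejects it with TypeError too. The direct `Storage.prototype.length` read is already covered by the first `assert.throws`.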
