Bug 1123011 - Box 'this' values when eval'ing strict scripts from a non-strict Ion script, r=jandem.

This commit is contained in:
Brian Hackett 2015-01-23 12:29:05 -07:00
Родитель f4b09875cf
Коммит 684f63c992
3 изменённых файлов: 24 добавлений и 1 удалений

Просмотреть файл

@ -428,7 +428,19 @@ js::DirectEvalStringFromIon(JSContext *cx,
// the calling frame cannot be updated to store the new object.
MOZ_ASSERT(thisValue.isObject() || thisValue.isUndefined() || thisValue.isNull());
return ExecuteKernel(cx, esg.script(), *scopeobj, thisValue, ExecuteType(DIRECT_EVAL),
// When eval'ing strict code in a non-strict context, compute the 'this'
// value to use from what the caller passed in. This isn't necessary if
// the callee is not strict, as it will compute the non-strict 'this'
// value as necessary while it executes.
RootedValue nthisValue(cx, thisValue);
if (!callerScript->strict() && esg.script()->strict() && !thisValue.isObject()) {
JSObject *obj = BoxNonStrictThis(cx, thisValue);
if (!obj)
return false;
nthisValue = ObjectValue(*obj);
}
return ExecuteKernel(cx, esg.script(), *scopeobj, nthisValue, ExecuteType(DIRECT_EVAL),
NullFramePtr() /* evalInFrame */, vp.address());
}

Просмотреть файл

@ -0,0 +1,8 @@
var global = this;
function f() {
return eval("'use strict'; this;");
}
for (var j = 0; j < 5; ++j) {
assertEq(f(), global);
}

Просмотреть файл

@ -5943,6 +5943,9 @@ IonBuilder::jsop_eval(uint32_t argc)
if (!info().funMaybeLazy())
return abort("Direct eval in global code");
if (info().funMaybeLazy()->isArrow())
return abort("Direct eval from arrow function");
// The 'this' value for the outer and eval scripts must be the
// same. This is not guaranteed if a primitive string/number/etc.
// is passed through to the eval invoke as the primitive may be