# HG changeset patch # User sundar # Date 1403696327 -19800 # Node ID ac1d21c4d61df332695a8b631576e2e0e5681192 # Parent 92eb440faf5c3965072195e5b224743553db3a48 8048071: eval within 'with' statement does not use correct scope if with scope expression has a copy of eval Reviewed-by: hannesw, jlaskey diff -r 92eb440faf5c -r ac1d21c4d61d nashorn/src/jdk/nashorn/internal/codegen/CodeGenerator.java --- a/nashorn/src/jdk/nashorn/internal/codegen/CodeGenerator.java Tue Jun 24 19:29:41 2014 +0200 +++ b/nashorn/src/jdk/nashorn/internal/codegen/CodeGenerator.java Wed Jun 25 17:08:47 2014 +0530 @@ -1290,13 +1290,26 @@ int argsCount; @Override void loadStack() { - loadExpressionAsObject(ident); // Type.OBJECT as foo() makes no sense if foo == 3 - method.dup(); + /** + * We want to load 'eval' to check if it is indeed global builtin eval. + * If this eval call is inside a 'with' statement, dyn:getMethod|getProp|getElem + * would be generated if ident is a "isFunction". But, that would result in a + * bound function from WithObject. We don't want that as bound function as that + * won't be detected as builtin eval. So, we make ident as "not a function" which + * results in "dyn:getProp|getElem|getMethod" being generated and so WithObject + * would return unbounded eval function. + * + * Example: + * + * var global = this; + * function func() { + * with({ eval: global.eval) { eval("var x = 10;") } + * } + */ + loadExpressionAsObject(ident.setIsNotFunction()); // Type.OBJECT as foo() makes no sense if foo == 3 globalIsEval(); method.ifeq(is_not_eval); - // We don't need ScriptFunction object for 'eval' - method.pop(); // Load up self (scope). method.loadCompilerConstant(SCOPE); final CallNode.EvalArgs evalArgs = callNode.getEvalArgs(); @@ -1316,6 +1329,8 @@ method._goto(invoke_direct_eval); method.label(is_not_eval); + // load this time but with dyn:getMethod|getProp|getElem + loadExpressionAsObject(ident); // Type.OBJECT as foo() makes no sense if foo == 3 // This is some scope 'eval' or global eval replaced by user // but not the built-in ECMAScript 'eval' function call method.loadNull(); diff -r 92eb440faf5c -r ac1d21c4d61d nashorn/src/jdk/nashorn/internal/ir/IdentNode.java --- a/nashorn/src/jdk/nashorn/internal/ir/IdentNode.java Tue Jun 24 19:29:41 2014 +0200 +++ b/nashorn/src/jdk/nashorn/internal/ir/IdentNode.java Wed Jun 25 17:08:47 2014 +0530 @@ -280,6 +280,17 @@ return new IdentNode(this, name, type, flags | FUNCTION, programPoint, conversion); } + /** + * Mark this node as not being the callee operand of a {@link CallNode}. + * @return an ident node identical to this one in all aspects except with its function flag unset. + */ + public IdentNode setIsNotFunction() { + if (! isFunction()) { + return this; + } + return new IdentNode(this, name, type, flags & ~FUNCTION, programPoint, conversion); + } + @Override public int getProgramPoint() { return programPoint; diff -r 92eb440faf5c -r ac1d21c4d61d nashorn/test/script/basic/JDK-8048071.js --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/nashorn/test/script/basic/JDK-8048071.js Wed Jun 25 17:08:47 2014 +0530 @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * JDK-8048071: eval within 'with' statement does not use correct scope if with scope expression has a copy of eval + * + * @test + * @run + */ + +function func() { + var x = 1; + with ({ eval: this.eval }) { + eval("var x = 23"); + } + + return x; +} + +print(func()); +print("typeof x? " + typeof x); + +print((function(global){ + var x = 1; + with(global) { + eval("eval('var x=0')"); + } + return x; +})(this)); +print("typeof x? " + typeof x); + +print((function(global){ + var x = 1; + with({eval: global.eval}) { + eval("eval('var x=0')"); + } + return x; +})(this)); +print("typeof x? " + typeof x); + +// not-builtin eval cases + +(function () { + function eval(str) { + print("local eval called: " + str); + print(this); + } + + with({}) { + eval("hello"); + } +})(); + +(function () { + with({ + eval:function(str) { + print("with's eval called: " + str); + print("this = " + this); + print("this.foo = " + this.foo); + }, + foo: 42 + }) { + eval("hello") + } +})(); diff -r 92eb440faf5c -r ac1d21c4d61d nashorn/test/script/basic/JDK-8048071.js.EXPECTED --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/nashorn/test/script/basic/JDK-8048071.js.EXPECTED Wed Jun 25 17:08:47 2014 +0530 @@ -0,0 +1,11 @@ +23 +typeof x? undefined +0 +typeof x? undefined +0 +typeof x? undefined +local eval called: hello +[object global] +with's eval called: hello +this = [object Object] +this.foo = 42