[MERGE #6014 @akroshg] VarIsImpl for Activationobect should include cross-site vtble checks as well

akroshg · akroshg · commit e6e25c3a5ec0 · 2019-03-13T21:47:18.000-07:00
Merge pull request #6014 from akroshg:fix_5998
diff --git a/lib/Runtime/Types/ActivationObject.cpp b/lib/Runtime/Types/ActivationObject.cpp
@@ -10,11 +10,16 @@ namespace Js
 {
     template <> bool VarIsImpl<ActivationObject>(RecyclableObject* instance)
     {
-        return VirtualTableInfo<Js::ActivationObject>::HasVirtualTable(instance) ||
-            VirtualTableInfo<Js::ActivationObjectEx>::HasVirtualTable(instance) ||
-            VirtualTableInfo<Js::PseudoActivationObject>::HasVirtualTable(instance) ||
-            VirtualTableInfo<Js::BlockActivationObject>::HasVirtualTable(instance) ||
-            VirtualTableInfo<Js::ConsoleScopeActivationObject>::HasVirtualTable(instance);
+        return VirtualTableInfo<ActivationObject>::HasVirtualTable(instance) ||
+            VirtualTableInfo<CrossSiteObject<ActivationObject>>::HasVirtualTable(instance) ||
+            VirtualTableInfo<ActivationObjectEx>::HasVirtualTable(instance) ||
+            VirtualTableInfo<CrossSiteObject<ActivationObjectEx>>::HasVirtualTable(instance) ||
+            VirtualTableInfo<PseudoActivationObject>::HasVirtualTable(instance) ||
+            VirtualTableInfo<CrossSiteObject<PseudoActivationObject>>::HasVirtualTable(instance) ||
+            VirtualTableInfo<BlockActivationObject>::HasVirtualTable(instance) ||
+            VirtualTableInfo<CrossSiteObject<BlockActivationObject>>::HasVirtualTable(instance) ||
+            VirtualTableInfo<ConsoleScopeActivationObject>::HasVirtualTable(instance) ||
+            VirtualTableInfo<CrossSiteObject<ConsoleScopeActivationObject>>::HasVirtualTable(instance);
     }
 
     BOOL ActivationObject::HasOwnPropertyCheckNoRedecl(PropertyId propertyId)
@@ -172,7 +177,8 @@ namespace Js
 
     template <> bool VarIsImpl<BlockActivationObject>(RecyclableObject* instance)
     {
-        return VirtualTableInfo<Js::BlockActivationObject>::HasVirtualTable(instance);
+        return VirtualTableInfo<Js::BlockActivationObject>::HasVirtualTable(instance) ||
+            VirtualTableInfo<CrossSiteObject<BlockActivationObject>>::HasVirtualTable(instance);
     }
 
     BOOL PseudoActivationObject::InitPropertyScoped(PropertyId propertyId, Var value)
@@ -211,7 +217,8 @@ namespace Js
 
     template <> bool VarIsImpl<PseudoActivationObject>(RecyclableObject* instance)
     {
-        return VirtualTableInfo<Js::PseudoActivationObject>::HasVirtualTable(instance);
+        return VirtualTableInfo<Js::PseudoActivationObject>::HasVirtualTable(instance) ||
+            VirtualTableInfo<CrossSiteObject<PseudoActivationObject>>::HasVirtualTable(instance);
     }
 
 #if ENABLE_TTD
diff --git a/test/Bugs/misc_bugs.js b/test/Bugs/misc_bugs.js
@@ -155,6 +155,16 @@ var tests = [
         var obj2 = {__proto__ : p}; // This should not call the getPrototypeOf
     }
   },
+  {
+    name: "Cross-site activation object",
+    body: function () {
+        var tests = [0, 0];  
+        tests.forEach(function() {
+            var eval = WScript.LoadScript(0, "samethread").eval;
+            eval(0);
+        });
+    }
+  },
   {
     name: "Destructuring declaration should return undefined",
     body: function () {

Original file line number	Diff line number	Diff line change
`@@ -10,11 +10,16 @@ namespace Js`
`10`	`10`	`{`
`11`	`11`	`template <> bool VarIsImpl<ActivationObject>(RecyclableObject* instance)`
`12`	`12`	`{`
`13`		`- return VirtualTableInfo<Js::ActivationObject>::HasVirtualTable(instance) \|\|`
`14`		`- VirtualTableInfo<Js::ActivationObjectEx>::HasVirtualTable(instance) \|\|`
`15`		`- VirtualTableInfo<Js::PseudoActivationObject>::HasVirtualTable(instance) \|\|`
`16`		`- VirtualTableInfo<Js::BlockActivationObject>::HasVirtualTable(instance) \|\|`
`17`		`- VirtualTableInfo<Js::ConsoleScopeActivationObject>::HasVirtualTable(instance);`
	`13`	`+ return VirtualTableInfo<ActivationObject>::HasVirtualTable(instance) \|\|`
	`14`	`+ VirtualTableInfo<CrossSiteObject<ActivationObject>>::HasVirtualTable(instance) \|\|`
	`15`	`+ VirtualTableInfo<ActivationObjectEx>::HasVirtualTable(instance) \|\|`
	`16`	`+ VirtualTableInfo<CrossSiteObject<ActivationObjectEx>>::HasVirtualTable(instance) \|\|`
	`17`	`+ VirtualTableInfo<PseudoActivationObject>::HasVirtualTable(instance) \|\|`
	`18`	`+ VirtualTableInfo<CrossSiteObject<PseudoActivationObject>>::HasVirtualTable(instance) \|\|`
	`19`	`+ VirtualTableInfo<BlockActivationObject>::HasVirtualTable(instance) \|\|`
	`20`	`+ VirtualTableInfo<CrossSiteObject<BlockActivationObject>>::HasVirtualTable(instance) \|\|`
	`21`	`+ VirtualTableInfo<ConsoleScopeActivationObject>::HasVirtualTable(instance) \|\|`
	`22`	`+ VirtualTableInfo<CrossSiteObject<ConsoleScopeActivationObject>>::HasVirtualTable(instance);`
`18`	`23`	`}`
`19`	`24`
`20`	`25`	`BOOL ActivationObject::HasOwnPropertyCheckNoRedecl(PropertyId propertyId)`
`@@ -172,7 +177,8 @@ namespace Js`
`172`	`177`
`173`	`178`	`template <> bool VarIsImpl<BlockActivationObject>(RecyclableObject* instance)`
`174`	`179`	`{`
`175`		`- return VirtualTableInfo<Js::BlockActivationObject>::HasVirtualTable(instance);`
	`180`	`+ return VirtualTableInfo<Js::BlockActivationObject>::HasVirtualTable(instance) \|\|`
	`181`	`+ VirtualTableInfo<CrossSiteObject<BlockActivationObject>>::HasVirtualTable(instance);`
`176`	`182`	`}`
`177`	`183`
`178`	`184`	`BOOL PseudoActivationObject::InitPropertyScoped(PropertyId propertyId, Var value)`
`@@ -211,7 +217,8 @@ namespace Js`
`211`	`217`
`212`	`218`	`template <> bool VarIsImpl<PseudoActivationObject>(RecyclableObject* instance)`
`213`	`219`	`{`
`214`		`- return VirtualTableInfo<Js::PseudoActivationObject>::HasVirtualTable(instance);`
	`220`	`+ return VirtualTableInfo<Js::PseudoActivationObject>::HasVirtualTable(instance) \|\|`
	`221`	`+ VirtualTableInfo<CrossSiteObject<PseudoActivationObject>>::HasVirtualTable(instance);`
`215`	`222`	`}`
`216`	`223`
`217`	`224`	`#if ENABLE_TTD`