Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8634

Make hidden _v8_function property read-only

    XMLWordPrintable

    Details

    • Operating System:
      ALL
    • Steps To Reproduce:
      Hide

      db.eval('Mongo._v8_function = 0x31337; new Mongo();');

      Show
      db.eval('Mongo._v8_function = 0x31337; new Mongo();');

      Description

      The non-enumerated _v8_function property can be overwritten with a user-supplied value, which will cause the process to crash when v8Callback() tries to access the property as an External type.

      Should be trivial to fix by making the property read-only.

        Attachments

          Activity

            People

            Assignee:
            benjamin.becker Ben Becker
            Reporter:
            benjamin.becker Ben Becker
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: