Add stack limit check to proxy operations

Fixes jerryscript-project#3785.

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai [email protected]

Author: dbatyai

Diff for: jerry-core/ecma/operations/ecma-proxy-object.c

@@ -25,6 +25,7 @@
 #include "ecma-objects.h"
 #include "ecma-objects-general.h"
 #include "ecma-proxy-object.h"
+#include "jcontext.h"
 
 /** \addtogroup ecma ECMA
  * @{
@@ -993,6 +994,7 @@ ecma_value_t
 ecma_proxy_object_has (ecma_object_t *obj_p, /**< proxy object */
                        ecma_string_t *prop_name_p) /**< property name */
 {
+  ECMA_CHECK_STACK_USAGE ();
   JERRY_ASSERT (ECMA_OBJECT_IS_PROXY (obj_p));
 
   ecma_proxy_object_t *proxy_obj_p = (ecma_proxy_object_t *) obj_p;
@@ -1096,6 +1098,7 @@ ecma_proxy_object_get (ecma_object_t *obj_p, /**< proxy object */
                        ecma_string_t *prop_name_p, /**< property name */
                        ecma_value_t receiver) /**< receiver to invoke getter function */
 {
+  ECMA_CHECK_STACK_USAGE ();
   JERRY_ASSERT (ECMA_OBJECT_IS_PROXY (obj_p));
 
   ecma_proxy_object_t *proxy_obj_p = (ecma_proxy_object_t *) obj_p;
@@ -1200,6 +1203,7 @@ ecma_proxy_object_set (ecma_object_t *obj_p, /**< proxy object */
                        ecma_value_t value, /**< value to set */
                        ecma_value_t receiver) /**< receiver to invoke setter function */
 {
+  ECMA_CHECK_STACK_USAGE ();
   JERRY_ASSERT (ECMA_OBJECT_IS_PROXY (obj_p));
 
   ecma_proxy_object_t *proxy_obj_p = (ecma_proxy_object_t *) obj_p;

Diff for: tests/jerry/es2015/regression-test-issue-3785.js

@@ -0,0 +1,37 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+var a = new Proxy({length:2}, {});
+a.__proto__ = a;
+
+try {
+  a[1];
+  assert (false);
+} catch (e) {
+  assert (e instanceof RangeError);
+}
+
+try {
+  a[1] = 2;
+  assert (false);
+} catch (e) {
+  assert (e instanceof RangeError);
+}
+
+try {
+  Array.prototype.forEach.call(a, ()=>{});
+  assert (false);
+} catch (e) {
+  assert (e instanceof RangeError);
+}