Fix SealHandleScope usage in runtime-classes.cc

R=gsathya@chromium.org BUG=v8:5783 Review-Url: https://codereview.chromium.org/2603783003 Cr-Commit-Position: refs/heads/master@{#41963}
2016-12-27 10:55:16 -08:00 · 2016-12-27 10:55:16 -08:00 · 24547376a9
commit 24547376a9
parent c5dd44c331
2 changed files with 12 additions and 4 deletions
--- a/src/runtime/runtime-classes.cc
+++ b/src/runtime/runtime-classes.cc
@ -462,12 +462,12 @@ RUNTIME_FUNCTION(Runtime_StoreKeyedToSuper_Sloppy) {
 RUNTIME_FUNCTION(Runtime_GetSuperConstructor) {
  SealHandleScope shs(isolate);
  DCHECK_EQ(1, args.length());
-  CONVERT_ARG_HANDLE_CHECKED(JSFunction, active_function, 0);
+  CONVERT_ARG_CHECKED(JSFunction, active_function, 0);
  Object* prototype = active_function->map()->prototype();
  if (!prototype->IsConstructor()) {
-    return ThrowNotSuperConstructor(
-        isolate, Handle<JSFunction>::cast(handle(prototype, isolate)),
-        active_function);
+    HandleScope scope(isolate);
+    return ThrowNotSuperConstructor(isolate, handle(prototype, isolate),
+                                    handle(active_function, isolate));
  }
  return prototype;
 }
--- a/test/mjsunit/regress/regress-5783.js
+++ b/test/mjsunit/regress/regress-5783.js
@ -0,0 +1,8 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+class C {}
+class D extends C { constructor(...args) { super(...args, 75) } }
+D.__proto__ = null;
+assertThrows(() => new D(), TypeError);