[regexp] Fix smi receiver in stack accessors
info.This returns a Local<Object>, which results in a call to Utils::OpenHandle<JSReceiver>. Casting to a Local<Value> first uses the correct OpenHandle<Object> overload. BUG=chromium:693500 Review-Url: https://codereview.chromium.org/2706833002 Cr-Commit-Position: refs/heads/master@{#43314}
This commit is contained in:
parent
f9c5997c86
commit
3acc00a017
@ -1202,7 +1202,8 @@ void Accessors::ErrorStackGetter(
|
|||||||
// If stack is still an accessor (this could have changed in the meantime
|
// If stack is still an accessor (this could have changed in the meantime
|
||||||
// since FormatStackTrace can execute arbitrary JS), replace it with a data
|
// since FormatStackTrace can execute arbitrary JS), replace it with a data
|
||||||
// property.
|
// property.
|
||||||
Handle<Object> receiver = Utils::OpenHandle(*info.This());
|
Handle<Object> receiver =
|
||||||
|
Utils::OpenHandle(*v8::Local<v8::Value>(info.This()));
|
||||||
Handle<Name> name = Utils::OpenHandle(*key);
|
Handle<Name> name = Utils::OpenHandle(*key);
|
||||||
if (IsAccessor(receiver, name, holder)) {
|
if (IsAccessor(receiver, name, holder)) {
|
||||||
result = ReplaceAccessorWithDataProperty(isolate, receiver, holder, name,
|
result = ReplaceAccessorWithDataProperty(isolate, receiver, holder, name,
|
||||||
@ -1228,8 +1229,8 @@ void Accessors::ErrorStackSetter(
|
|||||||
const v8::PropertyCallbackInfo<v8::Boolean>& info) {
|
const v8::PropertyCallbackInfo<v8::Boolean>& info) {
|
||||||
i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
|
i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
|
||||||
HandleScope scope(isolate);
|
HandleScope scope(isolate);
|
||||||
Handle<JSObject> obj =
|
Handle<JSObject> obj = Handle<JSObject>::cast(
|
||||||
Handle<JSObject>::cast(Utils::OpenHandle(*info.This()));
|
Utils::OpenHandle(*v8::Local<v8::Value>(info.This())));
|
||||||
|
|
||||||
// Clear internal properties to avoid memory leaks.
|
// Clear internal properties to avoid memory leaks.
|
||||||
Handle<Symbol> stack_trace_symbol = isolate->factory()->stack_trace_symbol();
|
Handle<Symbol> stack_trace_symbol = isolate->factory()->stack_trace_symbol();
|
||||||
|
5
test/mjsunit/regress/regress-693500.js
Normal file
5
test/mjsunit/regress/regress-693500.js
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
// Copyright 2017 the V8 project authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a BSD-style license that can be
|
||||||
|
// found in the LICENSE file.
|
||||||
|
|
||||||
|
Reflect.get(new Error(), "stack", 0);
|
Loading…
Reference in New Issue
Block a user