From 77582a4b63fdd02d210cc06bcad66598afe66d21 Mon Sep 17 00:00:00 2001
From: Yang Guo <yangguo@chromium.org>
Date: Mon, 22 Oct 2018 11:25:04 +0200
Subject: [PATCH] [debug] scope iterator should not crash on API functions

Bug: v8:8333
Change-Id: I04bb28f909a1c144f513964115b4f2dfaced3146
Reviewed-on: https://chromium-review.googlesource.com/c/1291372
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56846}
---
 src/debug/debug-scopes.cc | 10 +++-------
 test/cctest/test-debug.cc | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/debug/debug-scopes.cc b/src/debug/debug-scopes.cc
index dfd75f2372..1f24ffa824 100644
--- a/src/debug/debug-scopes.cc
+++ b/src/debug/debug-scopes.cc
@@ -54,13 +54,12 @@ Handle<Object> ScopeIterator::GetFunctionDebugName() const {
 }
 
 ScopeIterator::ScopeIterator(Isolate* isolate, Handle<JSFunction> function)
-    : isolate_(isolate),
-      context_(function->context(), isolate),
-      script_(Script::cast(function->shared()->script()), isolate) {
+    : isolate_(isolate), context_(function->context(), isolate) {
   if (!function->shared()->IsSubjectToDebugging()) {
     context_ = Handle<Context>();
     return;
   }
+  script_ = handle(Script::cast(function->shared()->script()), isolate);
   UnwrapEvaluationContext();
 }
 
@@ -71,10 +70,7 @@ ScopeIterator::ScopeIterator(Isolate* isolate,
       function_(generator->function(), isolate),
       context_(generator->context(), isolate),
       script_(Script::cast(function_->shared()->script()), isolate) {
-  if (!function_->shared()->IsSubjectToDebugging()) {
-    context_ = Handle<Context>();
-    return;
-  }
+  CHECK(function_->shared()->IsSubjectToDebugging());
   TryParseAndRetrieveScopes(DEFAULT);
 }
 
diff --git a/test/cctest/test-debug.cc b/test/cctest/test-debug.cc
index 2e2128e50b..dcb89b999d 100644
--- a/test/cctest/test-debug.cc
+++ b/test/cctest/test-debug.cc
@@ -2818,6 +2818,21 @@ TEST(DebugBreakInWrappedScript) {
   CheckDebuggerUnloaded();
 }
 
+static void EmptyHandler(const v8::FunctionCallbackInfo<v8::Value>& args) {}
+
+TEST(DebugScopeIteratorWithFunctionTemplate) {
+  LocalContext env;
+  v8::HandleScope handle_scope(env->GetIsolate());
+  v8::Isolate* isolate = env->GetIsolate();
+  EnableDebugger(isolate);
+  v8::Local<v8::Function> func =
+      v8::Function::New(env.local(), EmptyHandler).ToLocalChecked();
+  std::unique_ptr<v8::debug::ScopeIterator> iterator =
+      v8::debug::ScopeIterator::CreateForFunction(isolate, func);
+  CHECK(iterator->Done());
+  DisableDebugger(isolate);
+}
+
 TEST(DebugBreakWithoutJS) {
   i::FLAG_stress_compaction = false;
 #ifdef VERIFY_HEAP