From a2cae2180a7a6d64ccdede44d730c9fbba690fb7 Mon Sep 17 00:00:00 2001
From: Igor Sheludko <ishell@chromium.org>
Date: Fri, 25 Mar 2022 13:40:03 +0100
Subject: [PATCH] [runtime] Fix handling of interceptors, pt.2

Stores to undeclared global in strict mode should throw ReferenceError.

Bug: chromium:1309225
Change-Id: Iac7c55da2ff9c16e488b4fc66408c5300469873e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3553099
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79625}
---
 src/objects/objects.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/objects/objects.cc b/src/objects/objects.cc
index 171a897809..16c93a6ce4 100644
--- a/src/objects/objects.cc
+++ b/src/objects/objects.cc
@@ -2702,6 +2702,10 @@ Maybe<bool> Object::SetSuperProperty(LookupIterator* it, Handle<Object> value,
             JSReceiver::GetOwnPropertyDescriptor(&own_lookup, &desc);
         MAYBE_RETURN(owned, Nothing<bool>());
         if (!owned.FromJust()) {
+          if (!CheckContextualStoreToJSGlobalObject(&own_lookup,
+                                                    should_throw)) {
+            return Nothing<bool>();
+          }
           return JSReceiver::CreateDataProperty(&own_lookup, value,
                                                 should_throw);
         }