Guard an unsafe cast of a catch context's extension object.

src/contexts.cc

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 206 matching lines @@
 }
 
 
 bool Context::GlobalIfNotShadowedByEval(Handle<String> name) {
   Context* context = this;
 
   // Check that there is no local with the given name in contexts
   // before the global context and check that there are no context
   // extension objects (conservative check for with statements).
   while (!context->IsGlobalContext()) {
-    // Check if the context is a catch or with context, or has called
-    // non-strict eval.
+    // Check if the context is a catch or with context, or has introduced
+    // bindings by calling non-strict eval.
     if (context->has_extension()) return false;
 
     // Not a with context so it must be a function context.
     ASSERT(context->IsFunctionContext());
 
     // Check non-parameter locals.
     Handle<SerializedScopeInfo> scope_info(
         context->closure()->shared()->scope_info());
     Variable::Mode mode;
     int index = scope_info->ContextSlotIndex(*name, &mode);
@@ skipping 113 matching lines @@
   // During bootstrapping we allow all objects to pass as global
   // objects. This is necessary to fix circular dependencies.
   Isolate* isolate = Isolate::Current();
   return isolate->heap()->gc_state() != Heap::NOT_IN_GC ||
       isolate->bootstrapper()->IsActive() ||
       object->IsGlobalObject();
 }
 #endif
 
 } }  // namespace v8::internal