| Index: src/builtins.cc
|
| diff --git a/src/builtins.cc b/src/builtins.cc
|
| index dcb4f2307e1c1da77eeb643332f51687d974074a..77df498a07f1612bdc5f6c80183c7860121f9a4d 100644
|
| --- a/src/builtins.cc
|
| +++ b/src/builtins.cc
|
| @@ -3370,6 +3370,7 @@ MUST_USE_RESULT MaybeHandle<Object> HandleApiCallHelper(
|
| Isolate* isolate, BuiltinArguments<BuiltinExtraArguments::kTarget> args) {
|
| HandleScope scope(isolate);
|
| Handle<JSFunction> function = args.target();
|
| + DCHECK(args.receiver()->IsJSReceiver());
|
| // TODO(ishell): turn this back to a DCHECK.
|
| CHECK(function->shared()->IsApiFunction());
|
|
|
| @@ -3383,11 +3384,8 @@ MUST_USE_RESULT MaybeHandle<Object> HandleApiCallHelper(
|
| Object);
|
| }
|
|
|
| - DCHECK(!args[0]->IsNull());
|
| - if (args[0]->IsUndefined()) args[0] = function->global_proxy();
|
| -
|
| if (!is_construct && !fun_data->accept_any_receiver()) {
|
| - Handle<Object> receiver(&args[0]);
|
| + Handle<JSReceiver> receiver = args.at<JSReceiver>(0);
|
| if (receiver->IsJSObject() && receiver->IsAccessCheckNeeded()) {
|
| Handle<JSObject> js_receiver = Handle<JSObject>::cast(receiver);
|
| if (!isolate->MayAccess(handle(isolate->context()), js_receiver)) {
|
|
|
Chromium Code Reviews
Issue 1575973006:
[builtins] Sanitize receiver patching for API functions. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master