CHECK correct context usage in V8ScriptRunner::callFunction

third_party/WebKit/Source/bindings/core/v8/V8ErrorHandler.cpp

Index: third_party/WebKit/Source/bindings/core/v8/V8ErrorHandler.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/V8ErrorHandler.cpp b/third_party/WebKit/Source/bindings/core/v8/V8ErrorHandler.cpp
index 9f075e0e32c9b4bbf23ffa55ac034d6e1df34140..41877e7c9feb02243493b2de2ee9fc09d1f2ef78 100644
--- a/third_party/WebKit/Source/bindings/core/v8/V8ErrorHandler.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/V8ErrorHandler.cpp
@@ -35,6 +35,7 @@
 #include "bindings/core/v8/V8ErrorEvent.h"
 #include "bindings/core/v8/V8PrivateProperty.h"
 #include "bindings/core/v8/V8ScriptRunner.h"
+#include "core/dom/Document.h"
 #include "core/dom/ExecutionContext.h"
 
 namespace blink {
@@ -85,6 +86,13 @@ v8::Local<v8::Value> V8ErrorHandler::callListenerFunction(
         callFunction, scriptState->getExecutionContext(), thisValue,
         WTF_ARRAY_LENGTH(parameters), parameters, isolate());
   } else {
+    LocalFrame* frame = toDocument(scriptState->getExecutionContext())->frame();
+    if (frame && world().isMainWorld()) {
+      CHECK(BindingSecurity::shouldAllowAccessToFrame(
+          toDOMWindow(callFunction->CreationContext())->toLocalDOMWindow(),

[dcheng, 2017/02/20 10:07:42]

Hmm... I guess I should fix this to return a LocalDOMWindow.

+          frame, BindingSecurity::ErrorReportOption::DoNotReport));
+    }
+
     result = V8ScriptRunner::callFunction(
         callFunction, scriptState->getExecutionContext(), thisValue,
         WTF_ARRAY_LENGTH(parameters), parameters, isolate());