| Index: src/ic.cc
|
| diff --git a/src/ic.cc b/src/ic.cc
|
| index 0f1c3b416e97dd7264c0b24d85b396420086f403..d8e274272fc7d60cc48b251ab70e252800834df1 100644
|
| --- a/src/ic.cc
|
| +++ b/src/ic.cc
|
| @@ -1275,8 +1275,23 @@ MaybeHandle<Object> StoreIC::Store(Handle<Object> object,
|
| }
|
|
|
| // Ignore other stores where the receiver is not a JSObject.
|
| - // TODO(1475): Must check prototype chains of object wrappers.
|
| - if (!object->IsJSObject()) return value;
|
| + if (!object->IsJSObject()) {
|
| + // Proxies are already handled above.
|
| + ASSERT(!object->IsJSReceiver());
|
| + Handle<JSReceiver> receiver;
|
| + Handle<Context> native_context(isolate()->context()->native_context());
|
| + if (Object::ToObject(
|
| + isolate(), object, native_context).ToHandle(&receiver)) {
|
| + Handle<Object> result;
|
| + ASSIGN_RETURN_ON_EXCEPTION(
|
| + isolate(),
|
| + result,
|
| + JSReceiver::SetProperty(
|
| + receiver, name, value, NONE, strict_mode(), store_mode),
|
| + Object);
|
| + }
|
| + return value;
|
| + }
|
|
|
| Handle<JSObject> receiver = Handle<JSObject>::cast(object);
|
|
|
|
|
Chromium Code Reviews
Issue 299403008:
Fix storing to primitive objects by applying ToObject. This is necessary to ensure that we properly… (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge