summaryrefslogtreecommitdiff
path: root/deps/v8/src/builtins.cc
diff options
context:
space:
mode:
Diffstat (limited to 'deps/v8/src/builtins.cc')
-rw-r--r--deps/v8/src/builtins.cc13
1 files changed, 12 insertions, 1 deletions
diff --git a/deps/v8/src/builtins.cc b/deps/v8/src/builtins.cc
index 21c246ca42..2457a956a7 100644
--- a/deps/v8/src/builtins.cc
+++ b/deps/v8/src/builtins.cc
@@ -1044,6 +1044,17 @@ MUST_USE_RESULT static MaybeHandle<Object> HandleApiCallHelper(
DCHECK(!args[0]->IsNull());
if (args[0]->IsUndefined()) args[0] = function->global_proxy();
+ if (!is_construct && !fun_data->accept_any_receiver()) {
+ Handle<Object> receiver(&args[0]);
+ if (receiver->IsJSObject() && receiver->IsAccessCheckNeeded()) {
+ Handle<JSObject> js_receiver = Handle<JSObject>::cast(receiver);
+ if (!isolate->MayAccess(js_receiver)) {
+ isolate->ReportFailedAccessCheck(js_receiver);
+ RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
+ }
+ }
+ }
+
Object* raw_holder = fun_data->GetCompatibleReceiver(isolate, args[0]);
if (raw_holder->IsNull()) {
@@ -1185,7 +1196,7 @@ MUST_USE_RESULT static Object* HandleApiCallAsFunctionOrConstructor(
// Get the invocation callback from the function descriptor that was
// used to create the called object.
DCHECK(obj->map()->has_instance_call_handler());
- JSFunction* constructor = JSFunction::cast(obj->map()->constructor());
+ JSFunction* constructor = JSFunction::cast(obj->map()->GetConstructor());
// TODO(ishell): turn this back to a DCHECK.
CHECK(constructor->shared()->IsApiFunction());
Object* handler =
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 17:26:57 +0000