From 7e88a9322c8f1b5393723d6f99590d750b097569 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Mon, 23 Mar 2015 00:26:59 +0100
Subject: src: make accessors immune to context confusion

It's possible for an accessor or named interceptor to get called with
a different execution context than the one it lives in, see the test
case for an example using the debug API.

This commit fortifies against that by passing the environment as a
data property instead of looking it up through the current context.

Fixes: https://github.com/iojs/io.js/issues/1190 (again)
PR-URL: https://github.com/iojs/io.js/pull/1238
Reviewed-By: Fedor Indutny <fedor@indutny.com>
---
 src/stream_base-inl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/stream_base-inl.h')

diff --git a/src/stream_base-inl.h b/src/stream_base-inl.h
index 8f7f5fea41..26ba54b376 100644
--- a/src/stream_base-inl.h
+++ b/src/stream_base-inl.h
@@ -32,7 +32,7 @@ void StreamBase::AddMethods(Environment* env,
   t->InstanceTemplate()->SetAccessor(env->fd_string(),
                                      GetFD<Base>,
                                      nullptr,
-                                     Handle<Value>(),
+                                     env->as_external(),
                                      v8::DEFAULT,
                                      attributes);
 
-- 
cgit v1.2.3