From 1253a3d038560ba928da5c80ea106ae20325fb25 Mon Sep 17 00:00:00 2001 From: Linus Groh Date: Sun, 13 Jun 2021 01:03:41 +0100 Subject: [PATCH] LibJS: VERIFY() that to_object() succeeds in Object.prototype.toString() As null and undefined are already handled separately, this must not fail. --- Userland/Libraries/LibJS/Runtime/ObjectPrototype.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Userland/Libraries/LibJS/Runtime/ObjectPrototype.cpp b/Userland/Libraries/LibJS/Runtime/ObjectPrototype.cpp index df88e1bbb1..0868993331 100644 --- a/Userland/Libraries/LibJS/Runtime/ObjectPrototype.cpp +++ b/Userland/Libraries/LibJS/Runtime/ObjectPrototype.cpp @@ -64,8 +64,7 @@ JS_DEFINE_NATIVE_FUNCTION(ObjectPrototype::to_string) return js_string(vm, "[object Null]"); auto* this_object = this_value.to_object(global_object); - if (!this_object) - return {}; + VERIFY(this_object); String tag; auto to_string_tag = this_object->get(vm.well_known_symbol_to_string_tag());