From 1bfbc0b6af2319fa6c91e9d2f2f6d54c121bc2f6 Mon Sep 17 00:00:00 2001
From: Luke Wilde <lukew@serenityos.org>
Date: Thu, 10 Feb 2022 00:00:39 +0000
Subject: [PATCH] LibJS: Don't coerce this value to an object in
 Function.prototype.call

---
 .../LibJS/Runtime/FunctionPrototype.cpp         | 17 +++++++++++++----
 .../Function/Function.prototype.call.js         | 16 ++++++++++++++++
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/Userland/Libraries/LibJS/Runtime/FunctionPrototype.cpp b/Userland/Libraries/LibJS/Runtime/FunctionPrototype.cpp
index a6f59f662b..3796bd8fa3 100644
--- a/Userland/Libraries/LibJS/Runtime/FunctionPrototype.cpp
+++ b/Userland/Libraries/LibJS/Runtime/FunctionPrototype.cpp
@@ -112,16 +112,25 @@ JS_DEFINE_NATIVE_FUNCTION(FunctionPrototype::bind)
 // 20.2.3.3 Function.prototype.call ( thisArg, ...args ), https://tc39.es/ecma262/#sec-function.prototype.call
 JS_DEFINE_NATIVE_FUNCTION(FunctionPrototype::call)
 {
-    auto* this_object = TRY(vm.this_value(global_object).to_object(global_object));
-    if (!this_object->is_function())
-        return vm.throw_completion<TypeError>(global_object, ErrorType::NotAnObjectOfType, "Function");
-    auto& function = static_cast<FunctionObject&>(*this_object);
+    // 1. Let func be the this value.
+    auto function_value = vm.this_value(global_object);
+
+    // 2. If IsCallable(func) is false, throw a TypeError exception.
+    if (!function_value.is_function())
+        return vm.throw_completion<TypeError>(global_object, ErrorType::NotAFunction, function_value.to_string_without_side_effects());
+
+    auto& function = static_cast<FunctionObject&>(function_value.as_object());
+
+    // FIXME: 3. Perform PrepareForTailCall().
+
     auto this_arg = vm.argument(0);
     MarkedVector<Value> arguments(vm.heap());
     if (vm.argument_count() > 1) {
         for (size_t i = 1; i < vm.argument_count(); ++i)
             arguments.append(vm.argument(i));
     }
+
+    // 4. Return ? Call(func, thisArg, args).
     return TRY(JS::call(global_object, function, this_arg, move(arguments)));
 }
 
diff --git a/Userland/Libraries/LibJS/Tests/builtins/Function/Function.prototype.call.js b/Userland/Libraries/LibJS/Tests/builtins/Function/Function.prototype.call.js
index 136f69b2bd..fe18fac703 100644
--- a/Userland/Libraries/LibJS/Tests/builtins/Function/Function.prototype.call.js
+++ b/Userland/Libraries/LibJS/Tests/builtins/Function/Function.prototype.call.js
@@ -51,3 +51,19 @@ test("basic functionality", () => {
 
     expect((() => this).call("foo")).toBe(globalThis);
 });
+
+describe("errors", () => {
+    test("does not accept non-function values", () => {
+        expect(() => {
+            Function.prototype.call.call("foo");
+        }).toThrowWithMessage(TypeError, "foo is not a function");
+
+        expect(() => {
+            Function.prototype.call.call(undefined);
+        }).toThrowWithMessage(TypeError, "undefined is not a function");
+
+        expect(() => {
+            Function.prototype.call.call(null);
+        }).toThrowWithMessage(TypeError, "null is not a function");
+    });
+});