mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 18:57:45 +00:00
LibJS: Don't apply arguments object hack to global execution context
Checking for the existence of a call frame is not enough to check if we're in a function call, as the global execution context is a regular call frame as well. Found by OSS-Fuzz, where simply accessing "arguments" in the global scope would crash due to call_frame().callee being an empty value (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32115).
parent 00f1cb924b
commit 8e84ca6b16
1 changed files with 2 additions and 2 deletions
|
@ -163,8 +163,8 @@ void VM::set_variable(const FlyString& name, Value value, GlobalObject& global_o
|
|||
|
||||
Value VM::get_variable(const FlyString& name, GlobalObject& global_object)
|
||||
{
|
||||
if (m_call_stack.size()) {
|
||||
if (name == names.arguments) {
|
||||
if (!m_call_stack.is_empty()) {
|
||||
if (name == names.arguments && m_call_stack.size() > 1) {
|
||||
// HACK: Special handling for the name "arguments":
|
||||
// If the name "arguments" is defined in the current scope, for example via
|
||||
// a function parameter, or by a local var declaration, we use that.
|
||||
|
|
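Review bot: On the changed inner condition, `m_call_stack.size() > 1` expresses "we are inside a function call" as a stack depth, which only holds while the global execution context is the sole callee-less frame and always sits at the bottom of the stack. The commit message names the actual failure as `call_frame().callee` being an empty value, so checking that directly (skip the `arguments` hack when the callee is empty) would state the invariant the crash was about and would keep working if another frame without a callee is ever pushed. If the depth check stays, a short comment beside it saying that the first frame is the global execution context would explain the `> 1`. The commit changes one file, so no regression test comes with it; a test that reads `arguments` at global scope, the case the message says OSS-Fuzz found, would guard against this returning.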