Diffstat (limited to 'Source/JavaScriptCore/runtime/JSScope.cpp')
-rw-r--r-- | Source/JavaScriptCore/runtime/JSScope.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/Source/JavaScriptCore/runtime/JSScope.cpp b/Source/JavaScriptCore/runtime/JSScope.cpp
index 508a90540..8651a76ba 100644
--- a/Source/JavaScriptCore/runtime/JSScope.cpp
+++ b/Source/JavaScriptCore/runtime/JSScope.cpp
@@ -334,11 +334,14 @@ template <JSScope::LookupMode mode, JSScope::ReturnValues returnValues> JSObject
 ASSERT(variableObject);
 ASSERT(variableObject->symbolTable());
 SymbolTableEntry entry = variableObject->symbolTable()->get(identifier.impl());
- // Variable was actually inserted by eval
+ // Defend against the variable being actually inserted by eval.
 if (entry.isNull()) {
 ASSERT(!jsDynamicCast<JSNameScope*>(variableObject));
 goto fail;
 }
+ // If we're getting the 'arguments' then give up on life.
+ if (identifier == callFrame->propertyNames().arguments)
+ goto fail;
 if (putToBaseOperation) {
 putToBaseOperation->m_kind = entry.isReadOnly() ? PutToBaseOperation::Readonly : PutToBaseOperation::VariablePut; |
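Review bot: The comment on the new `arguments` bail-out, `// If we're getting the 'arguments' then give up on life.`, says that the fast path is abandoned but not why, and for an exclusion placed directly ahead of the `putToBaseOperation` setup the reason is what stops a later maintainer from removing it as dead weight. I would reword it along the lines of `// 'arguments' must not take the symbol-table path below; bail out to fail. Reason: <state the hazard>`, with the hazard filled in by the author, since it is not visible in this hunk (presumably `arguments` is not backed by an ordinary symbol-table slot here — confirm). The check also runs only after `symbolTable()->get()` and the `entry.isNull()` branch; both exits go to `fail`, so the order looks harmless, but comparing the identifier before the lookup would make the intent plainer. The diffstat shown is limited to this file, so I cannot tell whether a regression test that resolves `arguments` through this path accompanies the change; one would be worth having. The enclosing function and the `fail` label lie outside the hunk, so what the fallback does with the lookup is not verified here.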