[d8 Workers] Make Worker prototype read-only

author binji <binji@chromium.org>

Tue, 11 Aug 2015 00:17:01 +0000 (17:17 -0700)

committer Commit bot <commit-bot@chromium.org>

Tue, 11 Aug 2015 00:17:13 +0000 (00:17 +0000)
author binji <binji@chromium.org>
Tue, 11 Aug 2015 00:17:01 +0000 (17:17 -0700)
committer Commit bot <commit-bot@chromium.org>
Tue, 11 Aug 2015 00:17:13 +0000 (00:17 +0000)
diff --git a/src/d8.cc b/src/d8.cc

index d55faabe8bcc414624f485a9af2c432516185dd6..5fa7c262994c77076951bf97022d00e2c0119731 100644 (file)
--- a/src/d8.cc
+++ b/src/d8.cc
@@ -1144,6 +1144,7 @@ Local<ObjectTemplate> Shell::CreateGlobalTemplate(Isolate* isolate) {
    worker_fun_template->SetClassName(
        String::NewFromUtf8(isolate, "Worker", NewStringType::kNormal)
            .ToLocalChecked());
+  worker_fun_template->ReadOnlyPrototype();
    worker_fun_template->PrototypeTemplate()->Set(
        String::NewFromUtf8(isolate, "terminate", NewStringType::kNormal)
            .ToLocalChecked(),
diff --git a/test/mjsunit/regress/regress-crbug-518747.js b/test/mjsunit/regress/regress-crbug-518747.js

new file mode 100644 (file)

index 0000000..f1787c4
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-518747.js
@@ -0,0 +1,9 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+if (this.Worker) {
+  Worker.prototype = 12;
+  var __v_6 = new Worker('');
+  __v_6.postMessage([]);
+}
author	binji <binji@chromium.org>
	Tue, 11 Aug 2015 00:17:01 +0000 (17:17 -0700)
committer	Commit bot <commit-bot@chromium.org>
	Tue, 11 Aug 2015 00:17:13 +0000 (00:17 +0000)
src/d8.cc		patch \| blob \| history
test/mjsunit/regress/regress-crbug-518747.js	[new file with mode: 0644]	patch \| blob