From f08720606757577d95bd09b48697c7decbf17f00 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Tue, 5 Jul 2011 22:34:15 +0200
Subject: [PATCH] Verify that the argument passed to vm.runInContext() is a
 context object.

Fixes #558.
---
 src/node_script.cc                 | 10 +++++++++-
 test/simple/test-script-context.js | 13 ++++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/node_script.cc b/src/node_script.cc
index 6b82636..6c1099c 100644
--- a/src/node_script.cc
+++ b/src/node_script.cc
@@ -50,6 +50,7 @@ class WrappedContext : ObjectWrap {
 
   Persistent<Context> GetV8Context();
   static Local<Object> NewInstance();
+  static bool InstanceOf(Handle<Value> value);
 
  protected:
 
@@ -110,6 +111,11 @@ void WrappedContext::Initialize(Handle<Object> target) {
 }
 
 
+bool WrappedContext::InstanceOf(Handle<Value> value) {
+  return !value.IsEmpty() && constructor_template->HasInstance(value);
+}
+
+
 Handle<Value> WrappedContext::New(const Arguments& args) {
   HandleScope scope;
 
@@ -282,7 +288,9 @@ Handle<Value> WrappedScript::EvalMachine(const Arguments& args) {
   }
 
   const int sandbox_index = input_flag == compileCode ? 1 : 0;
-  if (context_flag == userContext && args.Length() < (sandbox_index + 1)) {
+  if (context_flag == userContext
+    && !WrappedContext::InstanceOf(args[sandbox_index]))
+  {
     return ThrowException(Exception::TypeError(
           String::New("needs a 'context' argument.")));
   }
diff --git a/test/simple/test-script-context.js b/test/simple/test-script-context.js
index a7f8537..3d054b7 100644
--- a/test/simple/test-script-context.js
+++ b/test/simple/test-script-context.js
@@ -22,7 +22,8 @@
 var common = require('../common');
 var assert = require('assert');
 
-var Script = require('vm').Script;
+var vm = require('vm');
+var Script = vm.Script;
 var script = new Script('"passed";');
 
 common.debug('run in a new empty context');
@@ -44,3 +45,13 @@ assert.equal('lala', context.thing);
 
 // Issue GH-227:
 Script.runInNewContext('', null, 'some.js');
+
+// GH-558, non-context argument segfaults / raises assertion
+function isTypeError(o) {
+  return o instanceof TypeError;
+}
+
+[undefined, null, 0, 0.0, '', {}, []].forEach(function(e) {
+  assert.throws(function() { script.runInContext(e); }, isTypeError);
+  assert.throws(function() { vm.runInContext('', e); }, isTypeError);
+});
-- 
2.7.4