Commit 60f9e60b authored by cbruni's avatar cbruni Committed by Commit bot

[api] Fix IsSimpleInstantion check in InstantiatObject

We have a simple instantiation at hand if the new.target is from the same
context, not the other way around.

BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2201113002
Cr-Commit-Position: refs/heads/master@{#38279}
parent 25c0501c
...@@ -334,8 +334,7 @@ bool IsSimpleInstantiation(Isolate* isolate, ObjectTemplateInfo* info, ...@@ -334,8 +334,7 @@ bool IsSimpleInstantiation(Isolate* isolate, ObjectTemplateInfo* info,
JSFunction* fun = JSFunction::cast(new_target); JSFunction* fun = JSFunction::cast(new_target);
if (fun->shared()->function_data() != info->constructor()) return false; if (fun->shared()->function_data() != info->constructor()) return false;
if (info->immutable_proto()) return false; if (info->immutable_proto()) return false;
return fun->context()->native_context() != return fun->context()->native_context() == isolate->raw_native_context();
isolate->context()->native_context();
} }
MaybeHandle<JSObject> InstantiateObject(Isolate* isolate, MaybeHandle<JSObject> InstantiateObject(Isolate* isolate,
......
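Review bot: The corrected return in IsSimpleInstantiation carries no comment saying why the comparison must be an equality, and since the previous version had it inverted, the intent is easy to get wrong again. I would add above it `// Simple only if new.target's function belongs to the current native context; a new.target from another context is not a simple instantiation.` No test exercising a new.target from a different context is visible on this page; if the commit does not add one elsewhere, a regression test for the BUG=chromium:630217 case would pin the behaviour. The function body starts before this hunk, so the earlier checks on new_target cannot be reviewed from here.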