Bug 1398601 - Don't allow NSVO in js::CreateObjectsForEnvironmentChain draft
authorTed Campbell <tcampbell@mozilla.com>
Sat, 09 Sep 2017 20:37:18 -0400
changeset 664085 d4f129feb476cc2d6fb731124d6dc025a3504ac5
parent 664084 9d3481f3e0d8b9ad66ecb55c7b901d514c09b619
child 731375 1d4ab78989919fa91c4c209b22e2f59314b691b8
push id79624
push userbmo:tcampbell@mozilla.com
push dateWed, 13 Sep 2017 18:23:23 +0000
bugs1398601
milestone57.0a1
Bug 1398601 - Don't allow NSVO in js::CreateObjectsForEnvironmentChain Seeing an NSVO in CreateObjectsForEnvironmentChain indicates the shared global namespace is about to be polluted, so fix those bugs and turn this to a diagnostic. MozReview-Commit-ID: 7OUef76geJL
js/src/vm/EnvironmentObject.cpp
--- a/js/src/vm/EnvironmentObject.cpp
+++ b/js/src/vm/EnvironmentObject.cpp
@@ -3182,17 +3182,18 @@ js::GetDebugEnvironmentForGlobalLexicalE
 
 bool
 js::CreateObjectsForEnvironmentChain(JSContext* cx, AutoObjectVector& chain,
                                      HandleObject terminatingEnv, MutableHandleObject envObj)
 {
 #ifdef DEBUG
     for (size_t i = 0; i < chain.length(); ++i) {
         assertSameCompartment(cx, chain[i]);
-        MOZ_ASSERT(!chain[i]->is<GlobalObject>());
+        MOZ_ASSERT(!chain[i]->is<GlobalObject>() &&
+                   !chain[i]->is<NonSyntacticVariablesObject>());
     }
 #endif
 
     // Construct With object wrappers for the things on this environment chain
     // and use the result as the thing to scope the function to.
     Rooted<WithEnvironmentObject*> withEnv(cx);
     RootedObject enclosingEnv(cx, terminatingEnv);
     for (size_t i = chain.length(); i > 0; ) {
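Review bot: The new NonSyntacticVariablesObject check sits inside the `#ifdef DEBUG` loop and uses `MOZ_ASSERT`, so it is only enforced in debug builds. Non-debug builds would still go on to wrap such an object in a With environment with no signal. If the commit message's "diagnostic" is meant to cover more than debug builds, the NSVO check may need to be a `MOZ_DIAGNOSTIC_ASSERT` in a loop that is not guarded by `DEBUG`; that intent cannot be confirmed from this hunk. Folding both conditions into one assertion also hides which invariant failed, so I would split them into `MOZ_ASSERT(!chain[i]->is<GlobalObject>());` and `MOZ_ASSERT(!chain[i]->is<NonSyntacticVariablesObject>());`. Above the second one, add a comment such as `// An NSVO on the chain means the shared global namespace is about to be polluted; callers must filter it out.` The function body continues past the end of the hunk, so how the chain is consumed afterwards is not visible here.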