vm: fix crash when setting __proto__ on context's globalThis

PR-URL: #47939 Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
nodejs · May 15, 2023 · 2bd869d · 2bd869d
1 parent 17befe0
commit 2bd869d
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/src/node_contextify.cc b/src/node_contextify.cc
@@ -530,7 +530,8 @@ void ContextifyContext::PropertySetterCallback(
   if (is_declared_on_sandbox &&
       ctx->sandbox()
           ->GetOwnPropertyDescriptor(context, property)
-          .ToLocal(&desc)) {
+          .ToLocal(&desc) &&
+      !desc->IsUndefined()) {
     Environment* env = Environment::GetCurrent(context);
     Local<Object> desc_obj = desc.As<Object>();
 

diff --git a/test/parallel/test-vm-set-proto-null-on-globalthis.js b/test/parallel/test-vm-set-proto-null-on-globalthis.js
@@ -0,0 +1,13 @@
+'use strict';
+require('../common');
+
+// Setting __proto__ on vm context's globalThis should not cause a crash
+// Regression test for https://github.com/nodejs/node/issues/47798
+
+const vm = require('vm');
+const context = vm.createContext();
+
+const contextGlobalThis = vm.runInContext('this', context);
+
+// Should not crash.
+contextGlobalThis.__proto__ = null; // eslint-disable-line no-proto