Imported WebKit commit 20271caf2e2c016d5cef40184cddeefeac4f1876 (http://svn.webkit.org/repository/webkit/trunk@133733)

New snapshot that contains all previous fixes as well as build fix for latest QtMultimedia API changes.

1 files changed, 4 insertions, 1 deletions

diff --git a/Source/JavaScriptCore/runtime/JSScope.cpp b/Source/JavaScriptCore/runtime/JSScope.cpp
index 508a90540..8651a76ba 100644
--- a/Source/JavaScriptCore/runtime/JSScope.cpp
+++ b/Source/JavaScriptCore/runtime/JSScope.cpp
@@ -334,11 +334,14 @@ template <JSScope::LookupMode mode, JSScope::ReturnValues returnValues> JSObject
                     ASSERT(variableObject);
                     ASSERT(variableObject->symbolTable());
                     SymbolTableEntry entry = variableObject->symbolTable()->get(identifier.impl());
-                    // Variable was actually inserted by eval
+                    // Defend against the variable being actually inserted by eval.
                     if (entry.isNull()) {
                         ASSERT(!jsDynamicCast<JSNameScope*>(variableObject));
                         goto fail;
                     }
+                    // If we're getting the 'arguments' then give up on life.
+                    if (identifier == callFrame->propertyNames().arguments)
+                        goto fail;
 
                     if (putToBaseOperation) {
                         putToBaseOperation->m_kind = entry.isReadOnly() ? PutToBaseOperation::Readonly : PutToBaseOperation::VariablePut;