From 3f2990e383ee10069adc132bb250344f6faa9498 Mon Sep 17 00:00:00 2001
From: Alexander Borisov
Date: Wed, 4 Mar 2020 17:12:55 +0300
Subject: [PATCH] Fixed NULL-pointer dereference in "__proto__" property handler.

This closes #293 issue on GitHub.
---
 src/njs_object.c | 7 ++++++-
 src/test/njs_unit_test.c | 3 +++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/njs_object.c b/src/njs_object.c
index 5e16fd47..ac7cbf60 100644
--- a/src/njs_object.c
+++ b/src/njs_object.c
@@ -2005,7 +2005,12 @@ njs_primitive_prototype_get_proto(njs_vm_t *vm, njs_object_prop_t *prop,
 proto = &vm->prototypes[index].object;
 }

- njs_set_type_object(retval, proto, proto->type);
+ if (proto != NULL) {
+ njs_set_type_object(retval, proto, proto->type);
+
+ } else {
+ njs_set_undefined(retval);
+ }

 return NJS_OK;
 }
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index 614cf2ee..00cc5ed1 100644
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
@@ -12637,6 +12637,9 @@ static njs_unit_test_t njs_test[] =
 { njs_str("typeof Object.setPrototypeOf({}, null)"),
 njs_str("object") },

+ { njs_str("Object.setPrototypeOf(Object.getPrototypeOf(''), null).__proto__"),
+ njs_str("undefined") },
+
 { njs_str("var p = {}; var o = Object.create(p);"
 "p.isPrototypeOf(o)"),
 njs_str("true") },
--
2.47.3
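Review bot: In njs_primitive_prototype_get_proto (src/njs_object.c) the new `if (proto != NULL)` guard carries no comment saying how `proto` can be NULL, and the only assignment visible in the hunk, `proto = &vm->prototypes[index].object;`, can never yield NULL, so the case must come from a branch above the hunk. The test added in this same patch shows the condition is reachable from plain script, which makes the old dereference a crash that any script author could trigger. I would record that above the check with `/* proto is NULL once the prototype was reset with Object.setPrototypeOf(o, null). */`. The guard is applied at this one reader only, so other code that dereferences an object's prototype pointer may need the same check; that cannot be confirmed from this hunk, whose function body starts outside it.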
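Review bot: The new case in njs_test[] (src/test/njs_unit_test.c) exercises only the string prototype via `Object.getPrototypeOf('')`, while the fixed handler, judging by its name and the `vm->prototypes[index]` lookup, presumably serves every primitive prototype. I would add sibling cases for the other primitive types, for example `{ njs_str("Object.setPrototypeOf(Object.getPrototypeOf(0), null).__proto__"), njs_str("undefined") },`, so a regression is caught for each one. The expected value for those cases is assumed to match the string one and should be confirmed by running the suite.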