We should add the following two lines to all existing custom V8 constructors: if (ConstructorMode::current() == ConstructorMode::WrapExistingObject) return args.Holder(); This checks whether a programmer is trying to allocate an object via "new X", or C++ is trying to allocate an object via the function template and wrap the object with a JS flavor. In the latter case, a constructor callback should not be executed (i.e. should return immediately). As for existing custom V8 constructors, no bugs have been occurring without this check for now. However, without the check, the problems that I described in the bug 70015 can happen in the future if someone changes code. In addition, if the check does not exist in existing custom constructors, people will add a new custom constructor without the check without considering the possibility of the problems, which may result in ugly bugs.
Created attachment 111708 [details] Patch
Comment on attachment 111708 [details] Patch I suspect a bunch of these cases can't actually occur, but I support adding this check everywhere as a model.
Comment on attachment 111708 [details] Patch Clearing flags on attachment: 111708 Committed r97929: <http://trac.webkit.org/changeset/97929>
All reviewed patches have been landed. Closing bug.