Title: [110082] branches/safari-534.54-branch

Diff

Modified: branches/safari-534.54-branch/LayoutTests/ChangeLog (110081 => 110082)


--- branches/safari-534.54-branch/LayoutTests/ChangeLog	2012-03-07 20:01:58 UTC (rev 110081)
+++ branches/safari-534.54-branch/LayoutTests/ChangeLog	2012-03-07 20:02:13 UTC (rev 110082)
@@ -1,3 +1,19 @@
+2012-03-07  Lucas Forschler  <lforsch...@apple.com>
+
+    Merge 109594
+
+    2012-03-02  Maciej Stachowiak  <m...@apple.com>
+
+            REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
+            https://bugs.webkit.org/show_bug.cgi?id=80133
+
+            Reviewed by Antti Koivisto.
+
+            * fast/dom/Window/navigated-window-properties-expected.txt: Added.
+            * fast/dom/Window/navigated-window-properties.html: Added.
+            * fast/dom/Window/resources/navigated-window-prop-subframe1.html: Added.
+            * fast/dom/Window/resources/navigated-window-prop-subframe2.html: Added.
+
 2011-02-13  Lucas Forschler  <lforsch...@apple.com>
 
     Merge 107496

Copied: branches/safari-534.54-branch/LayoutTests/fast/dom/Window/navigated-window-properties-expected.txt (from rev 109594, trunk/LayoutTests/fast/dom/Window/navigated-window-properties-expected.txt) (0 => 110082)


--- branches/safari-534.54-branch/LayoutTests/fast/dom/Window/navigated-window-properties-expected.txt	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/dom/Window/navigated-window-properties-expected.txt	2012-03-07 20:02:13 UTC (rev 110082)
@@ -0,0 +1,3 @@
+Accessing properties of a navigated window shouldn't crash
+
+

Copied: branches/safari-534.54-branch/LayoutTests/fast/dom/Window/navigated-window-properties.html (from rev 109594, trunk/LayoutTests/fast/dom/Window/navigated-window-properties.html) (0 => 110082)


--- branches/safari-534.54-branch/LayoutTests/fast/dom/Window/navigated-window-properties.html	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/dom/Window/navigated-window-properties.html	2012-03-07 20:02:13 UTC (rev 110082)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<title>Properties of a navigated window shouldn't crash</title>
+
+<p>Accessing properties of a navigated window shouldn't crash</p>
+
+<script>
+if (window.layoutTestController) {
+    layoutTestController.waitUntilDone();
+    layoutTestController.dumpAsText();
+}
+
+
+var func;
+function testPhase1() {
+    var subframe = document.getElementById("subframe");
+    func = subframe.contentWindow.testFunction;
+    subframe.src = ""
+}
+
+function testPhase2() {
+    func();
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+<iframe id="subframe" src=""

Copied: branches/safari-534.54-branch/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe1.html (from rev 109594, trunk/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe1.html) (0 => 110082)


--- branches/safari-534.54-branch/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe1.html	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe1.html	2012-03-07 20:02:13 UTC (rev 110082)
@@ -0,0 +1,9 @@
+<script>
+function testFunction() {
+    try {
+         var s = location.href + history.length;
+    } catch (e) {
+    }
+}
+parent.testPhase1();
+</script>
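Review bot: The empty `catch (e) {}` in `testFunction` reads like an oversight, because nothing says that a thrown exception is an accepted outcome and only a crash counts as failure. A one-line comment inside the catch would make the intent explicit, for example `// Throwing is fine here; the test only checks that the access does not crash.` As written, the test also passes if `location.href` or `history.length` on the navigated window returns an unexpected value, so it guards against the crash but not against a behaviour change in what stale windows expose.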

Copied: branches/safari-534.54-branch/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe2.html (from rev 109594, trunk/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe2.html) (0 => 110082)


--- branches/safari-534.54-branch/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe2.html	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe2.html	2012-03-07 20:02:13 UTC (rev 110082)
@@ -0,0 +1,3 @@
+<script>
+parent.testPhase2();
+</script>

Modified: branches/safari-534.54-branch/Source/WebCore/ChangeLog (110081 => 110082)


--- branches/safari-534.54-branch/Source/WebCore/ChangeLog	2012-03-07 20:01:58 UTC (rev 110081)
+++ branches/safari-534.54-branch/Source/WebCore/ChangeLog	2012-03-07 20:02:13 UTC (rev 110082)
@@ -1,3 +1,26 @@
+2012-03-07  Lucas Forschler  <lforsch...@apple.com>
+
+    Merge 109594
+
+    2012-03-02  Maciej Stachowiak  <m...@apple.com>
+
+            REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
+            https://bugs.webkit.org/show_bug.cgi?id=80133
+            <rdar://problem/10432233>
+
+            Reviewed by Antti Koivisto.
+
+            Test: fast/dom/Window/navigated-window-properties.html
+
+            * bindings/js/JSDOMWindowCustom.cpp:
+            (WebCore): Remove custom getters for window.location and window.history; they
+            were unnecessary and did the wrong thing when DOMWindow returned null values 
+            for these.
+            * page/DOMWindow.idl: ditto
+            * bindings/js/JSDOMBinding.cpp:
+            (WebCore::reportException): Remove assert about null values and update comment,
+            since this is now an expected state for navigated inner windows.
+
 2011-02-17  Lucas Forschler  <lforsch...@apple.com>
 
     Merge 107966

Modified: branches/safari-534.54-branch/Source/WebCore/bindings/js/JSDOMBinding.cpp (110081 => 110082)


--- branches/safari-534.54-branch/Source/WebCore/bindings/js/JSDOMBinding.cpp	2012-03-07 20:01:58 UTC (rev 110081)
+++ branches/safari-534.54-branch/Source/WebCore/bindings/js/JSDOMBinding.cpp	2012-03-07 20:02:13 UTC (rev 110082)
@@ -180,9 +180,8 @@
         errorMessage = stringToUString(exceptionBase->message() + ": "  + exceptionBase->description());
 
     ScriptExecutionContext* scriptExecutionContext = static_cast<JSDOMGlobalObject*>(exec->lexicalGlobalObject())->scriptExecutionContext();
-    ASSERT(scriptExecutionContext);
 
-    // Crash data indicates null-dereference crashes at this point in the Safari 4 Public Beta.
+    // scriptExecutionContext can be null when the relevant global object is a stale inner window object.
     // It's harmless to return here without reporting the exception to the log and the debugger in this case.
     if (!scriptExecutionContext)
         return;
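Review bot: With the `ASSERT` removed, the null check on `scriptExecutionContext` is the only guard on this path, but the new comment does not say how the global object becomes stale or which bug made this an expected state. I would tie it to the cause, for example `// scriptExecutionContext can be null when the lexical global object is an inner window whose frame has since navigated (https://bugs.webkit.org/show_bug.cgi?id=80133).` The early return also drops the exception without it reaching the console or debugger, so a debug-only log line here would help when triaging reports from navigated frames. The function starts and ends outside this hunk, so whether the exception has already been cleared at this point cannot be confirmed from here.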

Modified: branches/safari-534.54-branch/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (110081 => 110082)


--- branches/safari-534.54-branch/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp	2012-03-07 20:01:58 UTC (rev 110081)
+++ branches/safari-534.54-branch/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp	2012-03-07 20:02:13 UTC (rev 110082)
@@ -417,30 +417,6 @@
 
 // Custom Attributes
 
-JSValue JSDOMWindow::history(ExecState* exec) const
-{
-    History* history = impl()->history();
-    if (JSDOMWrapper* wrapper = getCachedWrapper(currentWorld(exec), history))
-        return wrapper;
-
-    JSDOMWindow* window = const_cast<JSDOMWindow*>(this);
-    JSHistory* jsHistory = JSHistory::create(getDOMStructure<JSHistory>(exec, window), window, history);
-    cacheWrapper(currentWorld(exec), history, jsHistory);
-    return jsHistory;
-}
-
-JSValue JSDOMWindow::location(ExecState* exec) const
-{
-    Location* location = impl()->location();
-    if (JSDOMWrapper* wrapper = getCachedWrapper(currentWorld(exec), location))
-        return wrapper;
-
-    JSDOMWindow* window = const_cast<JSDOMWindow*>(this);
-    JSLocation* jsLocation = JSLocation::create(getDOMStructure<JSLocation>(exec, window), window, location);
-    cacheWrapper(currentWorld(exec), location, jsLocation);
-    return jsLocation;
-}
-
 void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
 {
 #if ENABLE(DASHBOARD_SUPPORT)

Modified: branches/safari-534.54-branch/Source/WebCore/page/DOMWindow.idl (110081 => 110082)


--- branches/safari-534.54-branch/Source/WebCore/page/DOMWindow.idl	2012-03-07 20:01:58 UTC (rev 110081)
+++ branches/safari-534.54-branch/Source/WebCore/page/DOMWindow.idl	2012-03-07 20:02:13 UTC (rev 110082)
@@ -43,7 +43,7 @@
     ] DOMWindow {
         // DOM Level 0
         attribute [Replaceable] Screen screen;
-        attribute [Replaceable, DoNotCheckDomainSecurityOnGet, JSCCustomGetter] History history;
+        attribute [Replaceable, DoNotCheckDomainSecurityOnGet] History history;
         attribute [Replaceable] BarInfo locationbar;
         attribute [Replaceable] BarInfo menubar;
         attribute [Replaceable] BarInfo personalbar;
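Review bot: Dropping `JSCCustomGetter` on `history` here, and `JSCCustom` on `location` in the next hunk, moves both getters to generated code while `DoNotCheckDomainSecurityOnGet` and `DoNotCheckDomainSecurity` stay in place. The generated getter therefore hands out the wrapper with no same-origin check, and presumably relies on the History and Location wrappers to enforce their own per-property access checks. The added layout test only exercises a same-origin subframe, so a cross-origin variant of the navigated-window case would be worth adding to confirm that the null path and the access checks behave as intended. Since this is a merge onto a branch, it is also worth confirming that the branch's code generators recognise the combined `CustomSetter` spelling that replaces `JSCCustom, V8CustomSetter` on `location`.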
@@ -53,7 +53,7 @@
         attribute [Replaceable] Navigator navigator;
         attribute [Replaceable] Navigator clientInformation;
         readonly attribute Crypto crypto;
-        attribute [DoNotCheckDomainSecurity, JSCCustom, V8CustomSetter, V8DisallowShadowing, CPPCustom] Location location;
+        attribute [DoNotCheckDomainSecurity, CustomSetter, V8DisallowShadowing, CPPCustom] Location location;
 
         attribute [Replaceable, CustomGetter, V8CustomSetter] Event event;
 

Modified: branches/safari-534.54-branch/Source/WebCore/platform/sql/SQLiteStatement.cpp (110081 => 110082)


--- branches/safari-534.54-branch/Source/WebCore/platform/sql/SQLiteStatement.cpp	2012-03-07 20:01:58 UTC (rev 110081)
+++ branches/safari-534.54-branch/Source/WebCore/platform/sql/SQLiteStatement.cpp	2012-03-07 20:02:13 UTC (rev 110082)
@@ -101,6 +101,7 @@
     MutexLocker databaseLock(m_database.databaseMutex());
     if (m_database.isInterrupted())
         return SQLITE_INTERRUPT;
+    //ASSERT(m_isPrepared);
 
     if (!m_statement)
         return SQLITE_OK;
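Review bot: The added line `//ASSERT(m_isPrepared);` is commented-out code with no explanation, and this file is not mentioned in either ChangeLog entry for the merge of 109594. If the assertion is known to fire on this branch, say so in a comment, for example `// FIXME: ASSERT(m_isPrepared) is disabled on this branch because <reason>.` Otherwise drop the line, or enable the assertion so that a statement used before it is prepared is caught in debug builds. The enclosing function starts and ends outside this hunk.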