Title: [106600] trunk
Revision: 106600
Author: [email protected]
Date: 2012-02-02 15:42:26 -0800 (Thu, 02 Feb 2012)

Log Message

Running a Web Worker on about:blank crashes the interpreter
https://bugs.webkit.org/show_bug.cgi?id=77593

Patch by Benjamin Poulain <[email protected]> on 2012-02-02
Reviewed by Michael Saboff.

Source/JavaScriptCore:

The method Interpreter::execute() was crashing on empty programs because
the assumption is made that the source is not null.

This patch shortcuts the execution when the String is null to avoid invalid
memory access.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):

LayoutTests: 

The Worker thread should not crash if running on an empty page.
The timer is necessary to give a chance for the thread to start.

* fast/workers/empty-worker-nocrash-expected.txt: Added.
* fast/workers/empty-worker-nocrash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (106599 => 106600)


--- trunk/LayoutTests/ChangeLog	2012-02-02 23:41:11 UTC (rev 106599)
+++ trunk/LayoutTests/ChangeLog	2012-02-02 23:42:26 UTC (rev 106600)
@@ -1,3 +1,16 @@
+2012-02-02  Benjamin Poulain  <[email protected]>
+
+        Running a Web Worker on about:blank crashes the interpreter
+        https://bugs.webkit.org/show_bug.cgi?id=77593
+
+        Reviewed by Michael Saboff.
+
+        The Worker thread should not crash if running on an empty page.
+        The timer is necessary to give a chance for the thread to start.
+
+        * fast/workers/empty-worker-nocrash-expected.txt: Added.
+        * fast/workers/empty-worker-nocrash.html: Added.
+
 2012-02-02  Filip Pizlo  <[email protected]>
 
         retrieveCallerFromVMCode should call trueCallerFrame

Added: trunk/LayoutTests/fast/workers/empty-worker-nocrash-expected.txt (0 => 106600)


--- trunk/LayoutTests/fast/workers/empty-worker-nocrash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/workers/empty-worker-nocrash-expected.txt	2012-02-02 23:42:26 UTC (rev 106600)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/fast/workers/empty-worker-nocrash.html (0 => 106600)


--- trunk/LayoutTests/fast/workers/empty-worker-nocrash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/workers/empty-worker-nocrash.html	2012-02-02 23:42:26 UTC (rev 106600)
@@ -0,0 +1,11 @@
+<html>
+<script>
+var worker = new Worker('about:blank');
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+setTimeout('window.layoutTestController.notifyDone()', 20);
+</script>
+<p>PASS</p>
+</html>
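Review bot: the timer callback is passed as a string, `setTimeout('window.layoutTestController.notifyDone()', 20)`, so it is evaluated as code and throws outside the test harness, where `layoutTestController` is undefined; pass a function and keep the same guard used above it, e.g. `setTimeout(function() { if (window.layoutTestController) layoutTestController.notifyDone(); }, 20);`. The fixed 20 ms delay also makes the test a timing race: if the worker thread has not started by the time the timer fires, the page reports PASS without ever reaching the code path that crashed, so a regression could go unnoticed. If a deterministic completion signal from the worker is available it should be used instead; otherwise the ChangeLog entry should say the test is best-effort.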

Modified: trunk/Source/_javascript_Core/ChangeLog (106599 => 106600)


--- trunk/Source/_javascript_Core/ChangeLog	2012-02-02 23:41:11 UTC (rev 106599)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-02-02 23:42:26 UTC (rev 106600)
@@ -1,3 +1,19 @@
+2012-02-02  Benjamin Poulain  <[email protected]>
+
+        Running a Web Worker on about:blank crashes the interpreter
+        https://bugs.webkit.org/show_bug.cgi?id=77593
+
+        Reviewed by Michael Saboff.
+
+        The method Interpreter::execute() was crashing on empty programs because
+        the assumption is made the source is not null.
+
+        This patch shortcut the execution when the String is null to avoid invalid
+        memory access.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+
 2012-02-02  Kalev Lember  <[email protected]>
 
         [GTK] Use win32 native threading
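Review bot: wording in the description: "This patch shortcut the execution" should read "shortcuts", and "the assumption is made the source is not null" needs "that"; it would also help to name the type (`UString`, the type of `programSource` in Interpreter::execute) rather than "the String".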

Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (106599 => 106600)


--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2012-02-02 23:41:11 UTC (rev 106599)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2012-02-02 23:42:26 UTC (rev 106600)
@@ -885,6 +885,8 @@
     Vector<JSONPData> JSONPData;
     bool parseResult;
     const UString programSource = program->source().toString();
+    if (programSource.isNull())
+        return jsUndefined();
     if (programSource.is8Bit()) {
         LiteralParser<LChar> literalParser(callFrame, programSource.characters8(), programSource.length(), JSONP);
         parseResult = literalParser.tryJSONPParse(JSONPData, scopeChain->globalObject->globalObjectMethodTable()->supportsRichSourceInfo(scopeChain->globalObject.get()));
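Review bot: the new guard `if (programSource.isNull())` only covers a null `UString`; an empty but non-null string still falls through to `programSource.characters8()` with `length()` 0 and into `tryJSONPParse`, so confirm that path is safe on its own, or use `isEmpty()` if an empty program has nothing to execute either. A one-line comment stating where a null source comes from (per the bug, a Worker created on about:blank) would help the next reader, since `return jsUndefined();` silently skips the rest of execute() rather than asserting.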
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes