Title: [125912] trunk/Source/WebCore
- Revision: 125912
- Author: [email protected]
- Date: 2012-08-17 10:45:51 -0700 (Fri, 17 Aug 2012)
Log Message
REGRESSION (r125592): Crash in Console::addMessage, under InjectedBundle::reportException
https://bugs.webkit.org/show_bug.cgi?id=94220

Reviewed by Alexey Proskuryakov.

Previously, this code was trying to detect whether a DOMWindow is
currently displayed in a Frame by testing whether
DOMWindow->scriptExecutionContext is zero. That used to work, but now
that DOMWindow->scriptExecutionContext is non-zero for detached
DOMWindow, this code doesn't work anymore. This patch replaces the code
with the current idiom, which is to call
DOMWindow::isCurrentDisplayedInFrame.

Alexey and I couldn't figure out how to test this change. This bug
causes a crash when some Safari extensions are installed, but it's not
clear whether this bug can be triggered from the web platform. We're
going to ask Jessie for ideas when she gets back from vacation.

* bindings/js/JSDOMBinding.cpp:
(WebCore::reportException):
Diff
Modified: trunk/Source/WebCore/ChangeLog (125911 => 125912)
--- trunk/Source/WebCore/ChangeLog 2012-08-17 17:41:55 UTC (rev 125911)
+++ trunk/Source/WebCore/ChangeLog 2012-08-17 17:45:51 UTC (rev 125912)
@@ -1,3 +1,26 @@
+2012-08-17 Adam Barth <[email protected]>
+
+ REGRESSION (r125592): Crash in Console::addMessage, under InjectedBundle::reportException
+ https://bugs.webkit.org/show_bug.cgi?id=94220
+
+ Reviewed by Alexey Proskuryakov.
+
+ Previously, this code was trying to detect whether a DOMWindow is
+ currently displayed in a Frame by testing whether
+ DOMWindow->scriptExecutionContext is zero. That used to work, but now
+ that DOMWindow->scriptExecutionContext is non-zero for detached
+ DOMWindow, this code doesn't work anymore. This patch replaces the code
+ with the current idiom, which is to call
+ DOMWindow::isCurrentDisplayedInFrame.
+
+ Alexey and I couldn't figure out how to test this change. This bug
+ causes a crash when some Safari extensions are installed, but it's not
+ clear whether this bug can be triggered from the web platform. We're
+ going to ask Jessie for ideas when she gets back from vacation.
+
+ * bindings/js/JSDOMBinding.cpp:
+ (WebCore::reportException):
+
2012-08-17 Sheriff Bot <[email protected]>
Unreviewed, rolling out r125892.
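Review bot: The entry spells the replacement call as DOMWindow::isCurrentDisplayedInFrame, while the JSDOMBinding.cpp change in this same revision calls isCurrentlyDisplayedInFrame; correct the name in the ChangeLog so that a search for the method finds this entry. Because the entry also states that no test could be written, the condition it mentions (the crash appears with some Safari extensions installed) should be recorded in bug 94220 in enough detail that a regression test can be added once someone finds a way to trigger it.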
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp (125911 => 125912)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2012-08-17 17:41:55 UTC (rev 125911)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2012-08-17 17:45:51 UTC (rev 125912)
@@ -158,14 +158,10 @@
if (ExceptionBase* exceptionBase = toExceptionBase(exception))
errorMessage = stringToUString(exceptionBase->message() + ": " + exceptionBase->description());
- ScriptExecutionContext* scriptExecutionContext = jsCast<JSDOMGlobalObject*>(exec->lexicalGlobalObject())->scriptExecutionContext();
-
- // scriptExecutionContext can be null when the relevant global object is a stale inner window object.
- // It's harmless to return here without reporting the exception to the log and the debugger in this case.
- if (!scriptExecutionContext)
+ DOMWindow* activeWindow = activeDOMWindow(exec);
+ if (!activeWindow->isCurrentlyDisplayedInFrame())
return;
-
- scriptExecutionContext->reportException(ustringToString(errorMessage), lineNumber, ustringToString(exceptionSourceURL), 0);
+ activeWindow->scriptExecutionContext()->reportException(ustringToString(errorMessage), lineNumber, ustringToString(exceptionSourceURL), 0);
}
void reportCurrentException(ExecState* exec)
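Review bot: activeWindow is dereferenced at "if (!activeWindow->isCurrentlyDisplayedInFrame())" with no null check, whereas the removed code tested its pointer before using it. If activeDOMWindow(exec) can return null on any path that reaches reportException, this trades one crash for another; guard it with "if (!activeWindow || !activeWindow->isCurrentlyDisplayedInFrame())" or add an ASSERT that documents why null is impossible here. The same applies to the unchecked result of activeWindow->scriptExecutionContext() on the last added line: the log message says it is now non-zero even for detached windows, so an ASSERT stating that invariant would make the dependency on r125592 explicit. Two smaller points: the lookup changed from exec->lexicalGlobalObject() to activeDOMWindow(exec), so please confirm both resolve to the window whose console should receive the message, and keep a one-line comment on the early return, since the removed comment was the only explanation of why dropping the exception silently is acceptable.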