Title: [114989] trunk
- Revision
- 114989
- Author
- a...@chromium.org
- Date
- 2012-04-23 20:21:48 -0700 (Mon, 23 Apr 2012)
Log Message
[V8] Fix issue with trying to access a constructor in a frame that has been removed
https://bugs.webkit.org/show_bug.cgi?id=84640
Reviewed by Kentaro Hara.
Source/WebCore:
This regressed in r113250. Now we do what we did before and return undefined if the frame
does not have a context.
Test: fast/dom/constructor-in-removed-frame.html
* bindings/v8/V8DOMWrapper.cpp:
(WebCore::V8DOMWrapper::constructorForType):
LayoutTests:
* fast/dom/constructor-in-removed-frame-expected.txt: Added.
* fast/dom/constructor-in-removed-frame.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (114988 => 114989)
--- trunk/LayoutTests/ChangeLog 2012-04-24 03:19:36 UTC (rev 114988)
+++ trunk/LayoutTests/ChangeLog 2012-04-24 03:21:48 UTC (rev 114989)
@@ -1,3 +1,13 @@
+2012-04-23 Erik Arvidsson <a...@chromium.org>
+
+ [V8] Fix issue with trying to access a constructor in a frame that has been removed
+ https://bugs.webkit.org/show_bug.cgi?id=84640
+
+ Reviewed by Kentaro Hara.
+
+ * fast/dom/constructor-in-removed-frame-expected.txt: Added.
+ * fast/dom/constructor-in-removed-frame.html: Added.
+
2012-04-23 Sheriff Bot <webkit.review....@gmail.com>
Unreviewed, rolling out r114965.
Added: trunk/LayoutTests/fast/dom/constructor-in-removed-frame-expected.txt (0 => 114989)
--- trunk/LayoutTests/fast/dom/constructor-in-removed-frame-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/dom/constructor-in-removed-frame-expected.txt 2012-04-24 03:21:48 UTC (rev 114989)
@@ -0,0 +1 @@
+PASS
Added: trunk/LayoutTests/fast/dom/constructor-in-removed-frame.html (0 => 114989)
--- trunk/LayoutTests/fast/dom/constructor-in-removed-frame.html (rev 0)
+++ trunk/LayoutTests/fast/dom/constructor-in-removed-frame.html 2012-04-24 03:21:48 UTC (rev 114989)
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<p>FAIL</p>
+<iframe src=""
+<script>
+
+window._onload_ = function() {
+ if (window.layoutTestController) {
+ layoutTestController.waitUntilDone();
+ layoutTestController.dumpAsText();
+
+ var iframeElement = document.querySelector('iframe');
+ iframeElement._onload_ = function() {
+ var frame = window.frames[0];
+ iframeElement.parentNode.removeChild(iframeElement);
+
+ // The V8 bindings does not keep the frame constructor alive but at least it should not crash!
+ frame.Window;
+
+ document.body.textContent = 'PASS';
+ layoutTestController.notifyDone();
+ };
+ iframeElement.src = '';
+ }
+};
+
+</script>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (114988 => 114989)
--- trunk/Source/WebCore/ChangeLog 2012-04-24 03:19:36 UTC (rev 114988)
+++ trunk/Source/WebCore/ChangeLog 2012-04-24 03:21:48 UTC (rev 114989)
@@ -1,3 +1,18 @@
+2012-04-23 Erik Arvidsson <a...@chromium.org>
+
+ [V8] Fix issue with trying to access a constructor in a frame that has been removed
+ https://bugs.webkit.org/show_bug.cgi?id=84640
+
+ Reviewed by Kentaro Hara.
+
+ This regressed in r113250. Now we do what we did before and return undefined if the frame
+ does not have a context.
+
+ Test: fast/dom/constructor-in-removed-frame.html
+
+ * bindings/v8/V8DOMWrapper.cpp:
+ (WebCore::V8DOMWrapper::constructorForType):
+
2012-04-23 Chris Rogers <crog...@google.com>
Oscillator::setWaveTable() should not reset oscillator phase
Modified: trunk/Source/WebCore/bindings/v8/V8DOMWrapper.cpp (114988 => 114989)
--- trunk/Source/WebCore/bindings/v8/V8DOMWrapper.cpp 2012-04-24 03:19:36 UTC (rev 114988)
+++ trunk/Source/WebCore/bindings/v8/V8DOMWrapper.cpp 2012-04-24 03:21:48 UTC (rev 114989)
@@ -87,7 +87,11 @@
Frame* frame = window->frame();
if (!frame)
return v8::Local<v8::Function>();
- return V8Proxy::retrievePerContextData(frame)->constructorForType(type);
+
+ if (V8BindingPerContextData* contextData = V8Proxy::retrievePerContextData(frame))
+ return contextData->constructorForType(type);
+
+ return v8::Local<v8::Function>();
}
#if ENABLE(WORKERS)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
