Title: [109852] tags/Safari-536.2.1

Diff

Modified: tags/Safari-536.2.1/LayoutTests/ChangeLog (109851 => 109852)


--- tags/Safari-536.2.1/LayoutTests/ChangeLog	2012-03-06 05:13:00 UTC (rev 109851)
+++ tags/Safari-536.2.1/LayoutTests/ChangeLog	2012-03-06 05:15:47 UTC (rev 109852)
@@ -1,3 +1,19 @@
+2011-03-05  Lucas Forschler  <lforsch...@apple.com>
+
+    Merge 109594
+
+    2012-03-02  Maciej Stachowiak  <m...@apple.com>
+
+            REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
+            https://bugs.webkit.org/show_bug.cgi?id=80133
+
+            Reviewed by Antti Koivisto.
+
+            * fast/dom/Window/navigated-window-properties-expected.txt: Added.
+            * fast/dom/Window/navigated-window-properties.html: Added.
+            * fast/dom/Window/resources/navigated-window-prop-subframe1.html: Added.
+            * fast/dom/Window/resources/navigated-window-prop-subframe2.html: Added.
+
 2012-02-29  Adam Klein  <ad...@chromium.org>
 
         Rebaseline line-grid tests for Chromium after r109267.

Copied: tags/Safari-536.2.1/LayoutTests/fast/dom/Window/navigated-window-properties-expected.txt (from rev 109594, trunk/LayoutTests/fast/dom/Window/navigated-window-properties-expected.txt) (0 => 109852)


--- tags/Safari-536.2.1/LayoutTests/fast/dom/Window/navigated-window-properties-expected.txt	                        (rev 0)
+++ tags/Safari-536.2.1/LayoutTests/fast/dom/Window/navigated-window-properties-expected.txt	2012-03-06 05:15:47 UTC (rev 109852)
@@ -0,0 +1,3 @@
+Accessing properties of a navigated window shouldn't crash
+
+

Copied: tags/Safari-536.2.1/LayoutTests/fast/dom/Window/navigated-window-properties.html (from rev 109594, trunk/LayoutTests/fast/dom/Window/navigated-window-properties.html) (0 => 109852)


--- tags/Safari-536.2.1/LayoutTests/fast/dom/Window/navigated-window-properties.html	                        (rev 0)
+++ tags/Safari-536.2.1/LayoutTests/fast/dom/Window/navigated-window-properties.html	2012-03-06 05:15:47 UTC (rev 109852)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<title>Properties of a navigated window shouldn't crash</title>
+
+<p>Accessing properties of a navigated window shouldn't crash</p>
+
+<script>
+if (window.layoutTestController) {
+    layoutTestController.waitUntilDone();
+    layoutTestController.dumpAsText();
+}
+
+
+var func;
+function testPhase1() {
+    var subframe = document.getElementById("subframe");
+    func = subframe.contentWindow.testFunction;
+    subframe.src = ""
+}
+
+function testPhase2() {
+    func();
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+<iframe id="subframe" src=""

Copied: tags/Safari-536.2.1/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe1.html (from rev 109594, trunk/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe1.html) (0 => 109852)


--- tags/Safari-536.2.1/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe1.html	                        (rev 0)
+++ tags/Safari-536.2.1/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe1.html	2012-03-06 05:15:47 UTC (rev 109852)
@@ -0,0 +1,9 @@
+<script>
+function testFunction() {
+    try {
+         var s = location.href + history.length;
+    } catch (e) {
+    }
+}
+parent.testPhase1();
+</script>

Copied: tags/Safari-536.2.1/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe2.html (from rev 109594, trunk/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe2.html) (0 => 109852)


--- tags/Safari-536.2.1/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe2.html	                        (rev 0)
+++ tags/Safari-536.2.1/LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe2.html	2012-03-06 05:15:47 UTC (rev 109852)
@@ -0,0 +1,3 @@
+<script>
+parent.testPhase2();
+</script>

Modified: tags/Safari-536.2.1/Source/WebCore/ChangeLog (109851 => 109852)


--- tags/Safari-536.2.1/Source/WebCore/ChangeLog	2012-03-06 05:13:00 UTC (rev 109851)
+++ tags/Safari-536.2.1/Source/WebCore/ChangeLog	2012-03-06 05:15:47 UTC (rev 109852)
@@ -1,5 +1,28 @@
 2011-03-05  Lucas Forschler  <lforsch...@apple.com>
 
+    Merge 109594
+
+    2012-03-02  Maciej Stachowiak  <m...@apple.com>
+
+            REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
+            https://bugs.webkit.org/show_bug.cgi?id=80133
+            <rdar://problem/10432233>
+
+            Reviewed by Antti Koivisto.
+
+            Test: fast/dom/Window/navigated-window-properties.html
+
+            * bindings/js/JSDOMWindowCustom.cpp:
+            (WebCore): Remove custom getters for window.location and window.history; they
+            were unnecessary and did the wrong thing when DOMWindow returned null values 
+            for these.
+            * page/DOMWindow.idl: ditto
+            * bindings/js/JSDOMBinding.cpp:
+            (WebCore::reportException): Remove assert about null values and update comment,
+            since this is now an expected state for navigated inner windows.
+
+2011-03-05  Lucas Forschler  <lforsch...@apple.com>
+
     Merge 109486
 
     2012-03-01  Anders Carlsson  <ander...@apple.com>

Modified: tags/Safari-536.2.1/Source/WebCore/bindings/js/JSDOMBinding.cpp (109851 => 109852)


--- tags/Safari-536.2.1/Source/WebCore/bindings/js/JSDOMBinding.cpp	2012-03-06 05:13:00 UTC (rev 109851)
+++ tags/Safari-536.2.1/Source/WebCore/bindings/js/JSDOMBinding.cpp	2012-03-06 05:15:47 UTC (rev 109852)
@@ -161,9 +161,8 @@
         errorMessage = stringToUString(exceptionBase->message() + ": "  + exceptionBase->description());
 
     ScriptExecutionContext* scriptExecutionContext = static_cast<JSDOMGlobalObject*>(exec->lexicalGlobalObject())->scriptExecutionContext();
-    ASSERT(scriptExecutionContext);
 
-    // Crash data indicates null-dereference crashes at this point in the Safari 4 Public Beta.
+    // scriptExecutionContext can be null when the relevant global object is a stale inner window object.
     // It's harmless to return here without reporting the exception to the log and the debugger in this case.
     if (!scriptExecutionContext)
         return;
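Review bot: With the `ASSERT` removed, the early `return` on a null `scriptExecutionContext` drops the exception with no trace in any build, so a stale inner window can no longer be told apart from any other cause of a null context. The new comment names the expected cause but not how to recognise an unexpected one. I would extend it, for example `// Expected only for navigated (stale) inner windows, see bug 80133; any other null context here is a bug.`, and consider a debug-only log before the `return`. The `static_cast<JSDOMGlobalObject*>` on `exec->lexicalGlobalObject()` just above is still applied unchecked. The function starts and ends outside the hunk, so whether the exception was already cleared before this point is not visible here.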

Modified: tags/Safari-536.2.1/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (109851 => 109852)


--- tags/Safari-536.2.1/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp	2012-03-06 05:13:00 UTC (rev 109851)
+++ tags/Safari-536.2.1/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp	2012-03-06 05:15:47 UTC (rev 109852)
@@ -404,30 +404,6 @@
 
 // Custom Attributes
 
-JSValue JSDOMWindow::history(ExecState* exec) const
-{
-    History* history = impl()->history();
-    if (JSDOMWrapper* wrapper = getCachedWrapper(currentWorld(exec), history))
-        return wrapper;
-
-    JSDOMWindow* window = const_cast<JSDOMWindow*>(this);
-    JSHistory* jsHistory = JSHistory::create(getDOMStructure<JSHistory>(exec, window), window, history);
-    cacheWrapper(currentWorld(exec), history, jsHistory);
-    return jsHistory;
-}
-
-JSValue JSDOMWindow::location(ExecState* exec) const
-{
-    Location* location = impl()->location();
-    if (JSDOMWrapper* wrapper = getCachedWrapper(currentWorld(exec), location))
-        return wrapper;
-
-    JSDOMWindow* window = const_cast<JSDOMWindow*>(this);
-    JSLocation* jsLocation = JSLocation::create(getDOMStructure<JSLocation>(exec, window), window, location);
-    cacheWrapper(currentWorld(exec), location, jsLocation);
-    return jsLocation;
-}
-
 void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
 {
 #if ENABLE(DASHBOARD_SUPPORT)

Modified: tags/Safari-536.2.1/Source/WebCore/page/DOMWindow.idl (109851 => 109852)


--- tags/Safari-536.2.1/Source/WebCore/page/DOMWindow.idl	2012-03-06 05:13:00 UTC (rev 109851)
+++ tags/Safari-536.2.1/Source/WebCore/page/DOMWindow.idl	2012-03-06 05:15:47 UTC (rev 109852)
@@ -45,7 +45,7 @@
     ] DOMWindow {
         // DOM Level 0
         attribute [Replaceable] Screen screen;
-        attribute [Replaceable, DoNotCheckSecurityOnGetter, JSCustomGetter] History history;
+        attribute [Replaceable, DoNotCheckSecurityOnGetter] History history;
         attribute [Replaceable] BarInfo locationbar;
         attribute [Replaceable] BarInfo menubar;
         attribute [Replaceable] BarInfo personalbar;
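Review bot: Nothing at the `history` attribute, or at `location` in the next hunk, records that the getter is now generated and must tolerate DOMWindow returning null for a navigated window, so a later change could reintroduce a custom getter and the crash with it. Both attributes also skip the access check on the getter (`DoNotCheckSecurityOnGetter`, `DoNotCheckSecurity`), so access control presumably rests on the History and Location wrappers themselves, which is worth stating in place. A comment above each would cover it, for example `// Generated getter: DOMWindow may return null after navigation; security checks are done by the returned object.` In the second hunk `JSCustom, V8CustomSetter` becomes `CustomSetter`. It is worth confirming against the code generator that this keeps the custom setter for both JSC and V8 and drops only the JSC getter.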
@@ -56,7 +56,7 @@
         attribute [Replaceable] Navigator clientInformation;
         readonly attribute Crypto crypto;
 #if !defined(LANGUAGE_CPP) || !LANGUAGE_CPP
-        attribute [DoNotCheckSecurity, JSCustom, V8CustomSetter, V8Unforgeable] Location location;
+        attribute [DoNotCheckSecurity, CustomSetter, V8Unforgeable] Location location;
 #endif
         attribute [Replaceable, CustomGetter, V8CustomSetter] Event event;
 

Modified: tags/Safari-536.2.1/Source/WebCore/platform/sql/SQLiteStatement.cpp (109851 => 109852)


--- tags/Safari-536.2.1/Source/WebCore/platform/sql/SQLiteStatement.cpp	2012-03-06 05:13:00 UTC (rev 109851)
+++ tags/Safari-536.2.1/Source/WebCore/platform/sql/SQLiteStatement.cpp	2012-03-06 05:15:47 UTC (rev 109852)
@@ -97,7 +97,7 @@
     MutexLocker databaseLock(m_database.databaseMutex());
     if (m_database.isInterrupted())
         return SQLITE_INTERRUPT;
-    ASSERT(m_isPrepared);
+    //ASSERT(m_isPrepared);
 
     if (!m_statement)
         return SQLITE_OK;
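Review bot: `ASSERT(m_isPrepared)` is commented out rather than removed or explained, and neither ChangeLog entry in this commit mentions SQLiteStatement.cpp, so the change looks unrelated to the merged fix for bug 80133. If running an unprepared statement is now expected, delete the dead line and say so in place, for example `// May be reached with an unprepared statement; the !m_statement check below handles that.`. Otherwise restore the assert. As written, debug builds lose the check that the caller prepared the statement before the `m_statement` test. The enclosing function starts and ends outside the hunk.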