Changeset 109594 in webkit

Timestamp:

Mar 2, 2012 11:58:36 AM (12 years ago)

Author:

mjs@apple.com

Message:

Source/WebCore: REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
​https://bugs.webkit.org/show_bug.cgi?id=80133
<rdar://problem/10432233>

Reviewed by Antti Koivisto.

Test: fast/dom/Window/navigated-window-properties.html

• bindings/js/JSDOMWindowCustom.cpp:

(WebCore): Remove custom getters for window.location and window.history; they
were unnecessary and did the wrong thing when DOMWindow returned null values
for these.

• page/DOMWindow.idl: ditto
• bindings/js/JSDOMBinding.cpp:

(WebCore::reportException): Remove assert about null values and update comment,
since this is now an expected state for navigated inner windows.

LayoutTests: REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
​https://bugs.webkit.org/show_bug.cgi?id=80133

Reviewed by Antti Koivisto.

• fast/dom/Window/navigated-window-properties-expected.txt: Added.
• fast/dom/Window/navigated-window-properties.html: Added.
• fast/dom/Window/resources/navigated-window-prop-subframe1.html: Added.
• fast/dom/Window/resources/navigated-window-prop-subframe2.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/dom/Window/navigated-window-properties-expected.txt (added)
• LayoutTests/fast/dom/Window/navigated-window-properties.html (added)
• LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe1.html (added)
• LayoutTests/fast/dom/Window/resources/navigated-window-prop-subframe2.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/JSDOMBinding.cpp (modified) (1 diff)
• Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (modified) (1 diff)
• Source/WebCore/page/DOMWindow.idl (modified) (2 diffs)
• Source/WebCore/platform/sql/SQLiteStatement.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2012-03-02  Maciej Stachowiak  <mjs@apple.com>
+
+        REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
+        https://bugs.webkit.org/show_bug.cgi?id=80133
+
+        Reviewed by Antti Koivisto.
+
+        * fast/dom/Window/navigated-window-properties-expected.txt: Added.
+        * fast/dom/Window/navigated-window-properties.html: Added.
+        * fast/dom/Window/resources/navigated-window-prop-subframe1.html: Added.
+        * fast/dom/Window/resources/navigated-window-prop-subframe2.html: Added.
+
 2012-03-02  Ryosuke Niwa  <rniwa@webkit.org>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-03-02  Maciej Stachowiak  <mjs@apple.com>
+
+        REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
+        https://bugs.webkit.org/show_bug.cgi?id=80133
+        <rdar://problem/10432233>
+        
+        Reviewed by Antti Koivisto.
+
+        Test: fast/dom/Window/navigated-window-properties.html
+
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore): Remove custom getters for window.location and window.history; they
+        were unnecessary and did the wrong thing when DOMWindow returned null values 
+        for these.
+        * page/DOMWindow.idl: ditto
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::reportException): Remove assert about null values and update comment,
+        since this is now an expected state for navigated inner windows.
+
 2012-03-02  Ryosuke Niwa  <rniwa@webkit.org>
 

trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp

@@ -162 +162 @@
 
     ScriptExecutionContext* scriptExecutionContext = static_cast<JSDOMGlobalObject*>(exec->lexicalGlobalObject())->scriptExecutionContext();
-    ASSERT(scriptExecutionContext);
-
-    // Crash data indicates null-dereference crashes at this point in the Safari 4 Public Beta.
+
+    // scriptExecutionContext can be null when the relevant global object is a stale inner window object.
     // It's harmless to return here without reporting the exception to the log and the debugger in this case.
     if (!scriptExecutionContext)

trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp

@@ -405 +405 @@
 // Custom Attributes
 
-JSValue JSDOMWindow::history(ExecState* exec) const
-{
-    History* history = impl()->history();
-    if (JSDOMWrapper* wrapper = getCachedWrapper(currentWorld(exec), history))
-        return wrapper;
-
-    JSDOMWindow* window = const_cast<JSDOMWindow*>(this);
-    JSHistory* jsHistory = JSHistory::create(getDOMStructure<JSHistory>(exec, window), window, history);
-    cacheWrapper(currentWorld(exec), history, jsHistory);
-    return jsHistory;
-}
-
-JSValue JSDOMWindow::location(ExecState* exec) const
-{
-    Location* location = impl()->location();
-    if (JSDOMWrapper* wrapper = getCachedWrapper(currentWorld(exec), location))
-        return wrapper;
-
-    JSDOMWindow* window = const_cast<JSDOMWindow*>(this);
-    JSLocation* jsLocation = JSLocation::create(getDOMStructure<JSLocation>(exec, window), window, location);
-    cacheWrapper(currentWorld(exec), location, jsLocation);
-    return jsLocation;
-}
-
 void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
 {

trunk/Source/WebCore/page/DOMWindow.idl

@@ -46 +46 @@
         // DOM Level 0
         attribute [Replaceable] Screen screen;
-        attribute [Replaceable, DoNotCheckSecurityOnGetter, JSCustomGetter] History history;
+        attribute [Replaceable, DoNotCheckSecurityOnGetter] History history;
         attribute [Replaceable] BarInfo locationbar;
         attribute [Replaceable] BarInfo menubar;
@@ -57 +57 @@
         readonly attribute Crypto crypto;
 #if !defined(LANGUAGE_CPP) || !LANGUAGE_CPP
-        attribute [DoNotCheckSecurity, JSCustom, V8CustomSetter, V8Unforgeable] Location location;
+        attribute [DoNotCheckSecurity, CustomSetter, V8Unforgeable] Location location;
 #endif
         attribute [Replaceable, CustomGetter, V8CustomSetter] Event event;

trunk/Source/WebCore/platform/sql/SQLiteStatement.cpp

@@ -98 +98 @@
     if (m_database.isInterrupted())
         return SQLITE_INTERRUPT;
-    ASSERT(m_isPrepared);
+    //ASSERT(m_isPrepared);
 
     if (!m_statement)