Changeset 137964 in webkit
- Timestamp:
- Dec 17, 2012 5:43:21 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r137963 r137964 1 2012-12-17 Mathew Dempsky <mdempsky@google.com> 2 3 Regression causing DOM objects to have unstable NPObject* references with v8 bindings 4 https://bugs.webkit.org/show_bug.cgi?id=104921 5 6 Reviewed by Kentaro Hara. 7 8 Add variant of embed-property-equality test to verify that the 9 test still passes when the object being tested for equality 10 has already been remembered by a plugin from a different 11 JavaScript context. 12 13 * plugins/npruntime/embed-property-iframe-equality.html: Added. 14 * plugins/npruntime/embed-property-iframe-equality-expected.txt: Added. 15 1 16 2012-12-17 Filip Pizlo <fpizlo@apple.com> 2 17 -
trunk/Source/WebCore/ChangeLog
r137962 r137964 1 2012-12-17 Matthew Dempsky <mdempsky@google.com> 2 3 Regression causing DOM objects to have unstable NPObject* references with v8 bindings 4 https://bugs.webkit.org/show_bug.cgi?id=104921 5 6 Reviewed by Kentaro Hara. 7 8 Fix regression introduced by changeset 135804 resulting in 9 unstable NPObject* references for v8 objects. In the iter != 10 v8NPObjectMap->end() code path, objectVector was left unassigned 11 if the for loop terminated without returning. 12 13 Also, V8Object::GetIdentityHash() is documented as not being guaranteed 14 as unique. As such, don't ASSERT() that two objects with the same hash 15 must therefor be the same object. 16 17 Tests: plugins/npruntime/embed-property-iframe-equality.html 18 19 * bindings/v8/NPV8Object.cpp: 20 (WebCore::npCreateV8ScriptObject): Fix. 21 1 22 2012-12-17 Chris Fleizach <cfleizach@apple.com> 2 23 -
trunk/Source/WebCore/bindings/v8/NPV8Object.cpp
r136819 r137964 156 156 for (size_t index = 0; index < objects.size(); ++index) { 157 157 V8NPObject* v8npObject = objects.at(index); 158 if (v8npObject->rootObject == root) { 159 ASSERT(v8npObject->v8Object == object); 158 if (v8npObject->v8Object == object && v8npObject->rootObject == root) { 160 159 _NPN_RetainObject(&v8npObject->object); 161 160 return reinterpret_cast<NPObject*>(v8npObject); … … 164 163 } else { 165 164 iter = v8NPObjectMap->set(v8ObjectHash, V8NPObjectVector()).iterator; 166 objectVector = &iter->value;167 165 } 166 objectVector = &iter->value; 168 167 } 169 168 V8NPObject* v8npObject = reinterpret_cast<V8NPObject*>(_NPN_CreateObject(npp, &V8NPObjectClass));
Note: See TracChangeset
for help on using the changeset viewer.