Changeset 142565 in webkit


Ignore:
Timestamp:
Feb 11, 2013 6:06:13 PM (11 years ago)
Author:
haraken@chromium.org
Message:

[V8] ScheduledAction::m_context can be empty, so we shouldn't
retrieve an Isolate by using m_context->GetIsolate()
https://bugs.webkit.org/show_bug.cgi?id=109523

Reviewed by Adam Barth.

Chromium bug: https://code.google.com/p/chromium/issues/detail?id=175307#makechanges

Currently ScheduledAction is retrieving an Isolate by using m_context->GetIsolate().
This can crash because ScheduledAction::m_context can be empty. Specifically,
ScheduledAction::m_context is set to ScriptController::currentWorldContext(),
which can return an empty handle when a frame does not exist. In addition,
'if(context.IsEmpty())' in ScheduledAction.cpp implies that it can be empty.

Alternately, we should pass an Isolate explicitly when a ScheduledAction is instantiated.

No tests. The Chromium crash report doesn't provide enough information
to reproduce the bug.

  • bindings/v8/ScheduledAction.cpp:

(WebCore::ScheduledAction::ScheduledAction):
(WebCore):
(WebCore::ScheduledAction::~ScheduledAction):

  • bindings/v8/ScheduledAction.h:

(ScheduledAction):

  • bindings/v8/custom/V8DOMWindowCustom.cpp:

(WebCore::WindowSetTimeoutImpl):

  • bindings/v8/custom/V8WorkerContextCustom.cpp:

(WebCore::SetTimeoutOrInterval):

Location:
trunk/Source/WebCore
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r142563 r142565  
     12013-02-11  Kentaro Hara  <haraken@chromium.org>
     2
     3        [V8] ScheduledAction::m_context can be empty, so we shouldn't
     4        retrieve an Isolate by using m_context->GetIsolate()
     5        https://bugs.webkit.org/show_bug.cgi?id=109523
     6
     7        Reviewed by Adam Barth.
     8
     9        Chromium bug: https://code.google.com/p/chromium/issues/detail?id=175307#makechanges
     10
     11        Currently ScheduledAction is retrieving an Isolate by using m_context->GetIsolate().
     12        This can crash because ScheduledAction::m_context can be empty. Specifically,
     13        ScheduledAction::m_context is set to ScriptController::currentWorldContext(),
     14        which can return an empty handle when a frame does not exist. In addition,
     15        'if(context.IsEmpty())' in ScheduledAction.cpp implies that it can be empty.
     16
     17        Alternately, we should pass an Isolate explicitly when a ScheduledAction is instantiated.
     18
     19        No tests. The Chromium crash report doesn't provide enough information
     20        to reproduce the bug.
     21
     22        * bindings/v8/ScheduledAction.cpp:
     23        (WebCore::ScheduledAction::ScheduledAction):
     24        (WebCore):
     25        (WebCore::ScheduledAction::~ScheduledAction):
     26        * bindings/v8/ScheduledAction.h:
     27        (ScheduledAction):
     28        * bindings/v8/custom/V8DOMWindowCustom.cpp:
     29        (WebCore::WindowSetTimeoutImpl):
     30        * bindings/v8/custom/V8WorkerContextCustom.cpp:
     31        (WebCore::SetTimeoutOrInterval):
     32
    1332013-02-11  Adenilson Cavalcanti  <cavalcantii@gmail.com>
    234

  • trunk/Source/WebCore/bindings/v8/ScheduledAction.cpp

    r142250 r142565  
    5050namespace WebCore {
    5151
    52 ScheduledAction::ScheduledAction(v8::Handle<v8::Context> context, v8::Handle<v8::Function> function, int argc, v8::Handle<v8::Value> argv[])
     52ScheduledAction::ScheduledAction(v8::Handle<v8::Context> context, v8::Handle<v8::Function> function, int argc, v8::Handle<v8::Value> argv[], v8::Isolate* isolate)
    5353    : m_context(context)
    5454    , m_function(function)
    5555    , m_code(String(), KURL(), TextPosition::belowRangePosition())
     56    , m_isolate(isolate)
    5657{
    57     v8::Isolate* isolate = m_context->GetIsolate();
    5858    m_args.reserveCapacity(argc);
    5959    for (int i = 0; i < argc; ++i)
    60         m_args.append(v8::Persistent<v8::Value>::New(isolate, argv[i]));
     60        m_args.append(v8::Persistent<v8::Value>::New(m_isolate, argv[i]));
     61}
     62
     63ScheduledAction::ScheduledAction(v8::Handle<v8::Context> context, const String& code, const KURL& url, v8::Isolate* isolate)
     64    : m_context(context)
     65    , m_code(code, url)
     66    , m_isolate(isolate)
     67{
    6168}
    6269
     
    6471{
    6572    for (size_t i = 0; i < m_args.size(); ++i) {
    66         m_args[i].Dispose(m_context->GetIsolate());
     73        m_args[i].Dispose(m_isolate);
    6774        m_args[i].Clear();
    6875    }

  • trunk/Source/WebCore/bindings/v8/ScheduledAction.h

    r126484 r142565  
    4646class ScheduledAction {
    4747public:
    48     ScheduledAction(v8::Handle<v8::Context>, v8::Handle<v8::Function>, int argc, v8::Handle<v8::Value> argv[]);
     48    ScheduledAction(v8::Handle<v8::Context>, v8::Handle<v8::Function>, int argc, v8::Handle<v8::Value> argv[], v8::Isolate*);
     49    ScheduledAction(v8::Handle<v8::Context>, const String&, const KURL&, v8::Isolate*);
     50    ~ScheduledAction();
    4951
    50     ScheduledAction(v8::Handle<v8::Context> context, const String& code, const KURL& url = KURL())
    51         : m_context(context)
    52         , m_code(code, url)
    53     {
    54     }
    55 
    56     ~ScheduledAction();
    5752    void execute(ScriptExecutionContext*);
    5853
     
    6762    Vector<v8::Persistent<v8::Value> > m_args;
    6863    ScriptSourceCode m_code;
     64    v8::Isolate* m_isolate;
    6965};
    7066

  • trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp

    r141977 r142565  
    122122        // params is passed to action, and released in action's destructor
    123123        ASSERT(imp->frame());
    124         OwnPtr<ScheduledAction> action = adoptPtr(new ScheduledAction(imp->frame()->script()->currentWorldContext(), v8::Handle<v8::Function>::Cast(function), paramCount, params));
     124        OwnPtr<ScheduledAction> action = adoptPtr(new ScheduledAction(imp->frame()->script()->currentWorldContext(), v8::Handle<v8::Function>::Cast(function), paramCount, params, args.GetIsolate()));
    125125
    126126        // FIXME: We should use OwnArrayPtr for params.
     
    132132            return v8Integer(0, args.GetIsolate());
    133133        ASSERT(imp->frame());
    134         id = DOMTimer::install(scriptContext, adoptPtr(new ScheduledAction(imp->frame()->script()->currentWorldContext(), functionString)), timeout, singleShot);
     134        id = DOMTimer::install(scriptContext, adoptPtr(new ScheduledAction(imp->frame()->script()->currentWorldContext(), functionString, KURL(), args.GetIsolate())), timeout, singleShot);
    135135    }
    136136

  • trunk/Source/WebCore/bindings/v8/custom/V8WorkerContextCustom.cpp

    r138665 r142565  
    7171        }
    7272        WTF::String stringFunction = toWebCoreString(function);
    73         timerId = DOMTimer::install(workerContext, adoptPtr(new ScheduledAction(v8Context, stringFunction, workerContext->url())), timeout, singleShot);
     73        timerId = DOMTimer::install(workerContext, adoptPtr(new ScheduledAction(v8Context, stringFunction, workerContext->url(), args.GetIsolate())), timeout, singleShot);
    7474    } else if (function->IsFunction()) {
    7575        size_t paramCount = argumentCount >= 2 ? argumentCount - 2 : 0;
     
    8181        }
    8282        // ScheduledAction takes ownership of actual params and releases them in its destructor.
    83         OwnPtr<ScheduledAction> action = adoptPtr(new ScheduledAction(v8Context, v8::Handle<v8::Function>::Cast(function), paramCount, params));
     83        OwnPtr<ScheduledAction> action = adoptPtr(new ScheduledAction(v8Context, v8::Handle<v8::Function>::Cast(function), paramCount, params, args.GetIsolate()));
    8484        // FIXME: We should use a OwnArrayPtr for params.
    8585        delete [] params;
Note: See TracChangeset for help on using the changeset viewer.