Changeset 149671 in webkit


Timestamp:
May 7, 2013 8:33:02 AM (11 years ago)
Author:
allan.jensen@digia.com
Message:

Crash when calling QWebFrame::evaluateJavaScript
https://bugs.webkit.org/show_bug.cgi?id=113434

Reviewed by Simon Hausmann.

Ensure we hold the JSLock when converting JSValue to JSValueRef.

  • Api/qwebelement.cpp:

(setupScriptContext):
(QWebElement::evaluateJavaScript):

  • WebCoreSupport/QWebFrameAdapter.cpp:

(QWebFrameAdapter::evaluateJavaScript):

Location:
trunk/Source/WebKit/qt
Files:
3 edited

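--- a/trunk/Source/WebKit/qt/Api/qwebelement.cpp
+++ b/trunk/Source/WebKit/qt/Api/qwebelement.cpp
@@ -46,4 +47,5 @@
 #include "RenderImage.h"
 #include "ScriptController.h"
+#include "ScriptSourceCode.h"
 #include "ScriptState.h"
 #include "StaticNodeList.h"
@@ -711,5 +712,5 @@
 }
 
-static bool setupScriptContext(WebCore::Element* element, JSC::JSValue& thisValue, ScriptState*& state, ScriptController*& scriptController)
+static bool setupScriptContext(WebCore::Element* element, ScriptState*& state, ScriptController*& scriptController)
 {
     if (!element)
@@ -732,8 +733,4 @@
         return false;
 
-    thisValue = toJS(state, deprecatedGlobalObjectForPrototype(state), element);
-    if (!thisValue)
-        return false;
-
     return true;
 }
@@ -748,19 +745,27 @@
 
     ScriptState* state = 0;
-    JSC::JSValue thisValue;
     ScriptController* scriptController = 0;
 
-    if (!setupScriptContext(m_element, thisValue, state, scriptController))
+    if (!setupScriptContext(m_element, state, scriptController))
         return QVariant();
-    String script(reinterpret_cast_ptr<const UChar*>(scriptSource.data()), scriptSource.length());
+
+    JSC::JSLockHolder lock(state);
+    RefPtr<Element> protect = m_element;
+
+    JSC::JSValue thisValue = toJS(state, toJSDOMGlobalObject(m_element->document(), state), m_element);
+    if (!thisValue)
+        return QVariant();
+
+    ScriptSourceCode sourceCode(scriptSource);
 
     JSC::JSValue evaluationException;
-    JSC::JSValue evaluationResult = JSC::evaluate(state, JSC::makeSource(script), thisValue, &evaluationException);
+    JSC::JSValue evaluationResult = JSC::evaluate(state, sourceCode.jsSourceCode(), thisValue, &evaluationException);
     if (evaluationException)
         return QVariant();
+    JSValueRef evaluationResultRef = toRef(state, evaluationResult);
 
     int distance = 0;
     JSValueRef* ignoredException = 0;
-    return JSC::Bindings::convertValueToQVariant(toRef(state), toRef(state, evaluationResult), QMetaType::Void, &distance, ignoredException);
+    return JSC::Bindings::convertValueToQVariant(toRef(state), evaluationResultRef, QMetaType::Void, &distance, ignoredException);
 }
 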
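Review bot: The new `JSC::JSLockHolder lock(state);` and `RefPtr<Element> protect = m_element;` lines in QWebElement::evaluateJavaScript carry no comment saying what they guard, and the ChangeLog entry only mentions the lock, not the RefPtr. A one-line comment above them would help the next reader, e.g. `// Hold the JSLock for toJS/evaluate/toRef below; the RefPtr keeps the element alive while script runs.` — the second half is my reading of why the RefPtr was added and is worth confirming against the bug report. The `!thisValue` check that used to live in setupScriptContext now runs under the lock, which appears to be the intent of the fix.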
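--- a/trunk/Source/WebKit/qt/ChangeLog
+++ b/trunk/Source/WebKit/qt/ChangeLog
@@ -1,2 +1,17 @@
+2013-05-07  Allan Sandfeld Jensen  <allan.jensen@digia.com>
+
+        Crash when calling QWebFrame::evaluateJavaScript
+        https://bugs.webkit.org/show_bug.cgi?id=113434
+
+        Reviewed by Simon Hausmann.
+
+        Ensure we hold the JSLock when converting JSValue to JSValueRef.
+
+        * Api/qwebelement.cpp:
+        (setupScriptContext):
+        (QWebElement::evaluateJavaScript):
+        * WebCoreSupport/QWebFrameAdapter.cpp:
+        (QWebFrameAdapter::evaluateJavaScript):
+
 2013-05-03  Andreas Kling  <akling@apple.com>
 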
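--- a/trunk/Source/WebKit/qt/WebCoreSupport/QWebFrameAdapter.cpp
+++ b/trunk/Source/WebKit/qt/WebCoreSupport/QWebFrameAdapter.cpp
@@ -198,12 +198,15 @@
 QVariant QWebFrameAdapter::evaluateJavaScript(const QString &scriptSource)
 {
-    ScriptController* proxy = frame->script();
+    ScriptController* scriptController = frame->script();
     QVariant rc;
-    if (proxy) {
+    if (scriptController) {
         int distance = 0;
-        JSC::JSValue v = frame->script()->executeScript(ScriptSourceCode(scriptSource)).jsValue();
-        JSC::ExecState* exec = proxy->globalObject(mainThreadNormalWorld())->globalExec();
+        ScriptValue value = scriptController->executeScript(ScriptSourceCode(scriptSource));
+        JSC::ExecState* exec = scriptController->globalObject(mainThreadNormalWorld())->globalExec();
         JSValueRef* ignoredException = 0;
-        rc = JSC::Bindings::convertValueToQVariant(toRef(exec), toRef(exec, v), QMetaType::Void, &distance, ignoredException);
+        exec->vm().apiLock().lock();
+        JSValueRef valueRef = toRef(exec, value.jsValue());
+        exec->vm().apiLock().unlock();
+        rc = JSC::Bindings::convertValueToQVariant(toRef(exec), valueRef, QMetaType::Void, &distance, ignoredException);
     }
     return rc;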
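Review bot: The explicit `exec->vm().apiLock().lock();` / `exec->vm().apiLock().unlock();` pair around `toRef` in QWebFrameAdapter::evaluateJavaScript is not exception- or early-return-safe and diverges from the RAII `JSC::JSLockHolder` that the same change introduces in qwebelement.cpp. Replacing both lines with `JSC::JSLockHolder lock(exec);` placed right after `exec` is obtained releases the lock on every exit path and also keeps it held across the following `toRef(exec)` and `convertValueToQVariant` call, matching what qwebelement.cpp now does. Whether `executeScript` on the line above takes the lock internally is not visible here; if it does not, the same holder should be declared before it. The function's closing brace lies outside this section.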