Changeset 50785 in webkit
- Timestamp:
- Nov 10, 2009 6:15:19 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 6 edited
trunk/LayoutTests/ChangeLog
r50784 r50785 1 2009-11-10 Vitaly Repeshko <vitalyr@chromium.org> 2 3 Reviewed by Dimitri Glazkov. 4 5 [V8] Fix crash in V8CustomXPathNSResolver (http://crbug.com/26726). 6 https://bugs.webkit.org/show_bug.cgi?id=31301 7 8 * fast/xpath/xpath-detached-iframe-resolver-crash-expected.txt: Added. 9 * fast/xpath/xpath-detached-iframe-resolver-crash.html: Added. 10 1 11 2009-11-10 Yael Aharon <yael.aharon@nokia.com> 2 12 -
trunk/WebCore/ChangeLog
r50784 r50785 1 2009-11-10 Vitaly Repeshko <vitalyr@chromium.org> 2 3 Reviewed by Dimitri Glazkov. 4 5 [V8] Fix crash in V8CustomXPathNSResolver (http://crbug.com/26726). 6 https://bugs.webkit.org/show_bug.cgi?id=31301 7 8 Tested by new fast/xpath/xpath-detached-iframe-resolver-crash.html. 9 10 Allowed passing V8Proxy for the calling JS context: 11 * bindings/v8/V8DOMWrapper.h: 12 (WebCore::V8DOMWrapper::getXPathNSResolver): 13 * bindings/v8/custom/V8CustomXPathNSResolver.cpp: 14 (WebCore::V8CustomXPathNSResolver::create): 15 (WebCore::V8CustomXPathNSResolver::V8CustomXPathNSResolver): 16 (WebCore::V8CustomXPathNSResolver::lookupNamespaceURI): 17 * bindings/v8/custom/V8CustomXPathNSResolver.h: 18 * bindings/v8/custom/V8DocumentCustom.cpp: 19 (WebCore::CALLBACK_FUNC_DECL): 20 1 21 2009-11-10 Yael Aharon <yael.aharon@nokia.com> 2 22 -
trunk/WebCore/bindings/v8/V8DOMWrapper.h
r50578 r50785 254 254 255 255 // XPath-related utilities 256 static RefPtr<XPathNSResolver> getXPathNSResolver(v8::Handle<v8::Value> value )256 static RefPtr<XPathNSResolver> getXPathNSResolver(v8::Handle<v8::Value> value, V8Proxy* proxy = 0) 257 257 { 258 258 RefPtr<XPathNSResolver> resolver; … … 260 260 resolver = convertToNativeObject<XPathNSResolver>(V8ClassIndex::XPATHNSRESOLVER, v8::Handle<v8::Object>::Cast(value)); 261 261 else if (value->IsObject()) 262 resolver = V8CustomXPathNSResolver::create( value->ToObject());262 resolver = V8CustomXPathNSResolver::create(proxy, value->ToObject()); 263 263 return resolver; 264 264 } -
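Review bot: The new `V8Proxy* proxy = 0` default on `getXPathNSResolver` lets any caller that was not updated keep compiling while still taking the `V8Proxy::retrieve()` fallback in `lookupNamespaceURI`, which is the path this change moves away from. Only the call in V8DocumentCustom.cpp is updated in this changeset; whether other callers exist is not visible here. Either drop the default so every call site has to choose a context, or document it above the declaration, e.g. `// proxy: V8Proxy of the calling JS context; 0 makes the resolver fall back to V8Proxy::retrieve() at lookup time.` Part of the function body is elided between the two hunks.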
trunk/WebCore/bindings/v8/custom/V8CustomXPathNSResolver.cpp
r46383 r50785 39 39 namespace WebCore { 40 40 41 PassRefPtr<V8CustomXPathNSResolver> V8CustomXPathNSResolver::create( v8::Handle<v8::Object> resolver)41 PassRefPtr<V8CustomXPathNSResolver> V8CustomXPathNSResolver::create(V8Proxy* proxy, v8::Handle<v8::Object> resolver) 42 42 { 43 return adoptRef(new V8CustomXPathNSResolver( resolver));43 return adoptRef(new V8CustomXPathNSResolver(proxy, resolver)); 44 44 } 45 45 46 V8CustomXPathNSResolver::V8CustomXPathNSResolver(v8::Handle<v8::Object> resolver) 47 : m_resolver(resolver) 46 V8CustomXPathNSResolver::V8CustomXPathNSResolver(V8Proxy* proxy, v8::Handle<v8::Object> resolver) 47 : m_proxy(proxy) 48 , m_resolver(resolver) 48 49 { 49 50 } … … 55 56 String V8CustomXPathNSResolver::lookupNamespaceURI(const String& prefix) 56 57 { 58 V8Proxy* proxy = m_proxy; 59 60 if (!proxy) { 61 proxy = V8Proxy::retrieve(); 62 if (!proxy) 63 return String(); 64 } 65 57 66 v8::Handle<v8::Function> lookupNamespaceURIFunc; 58 67 v8::Handle<v8::String> lookupNamespaceURIName = v8::String::New("lookupNamespaceURI"); … … 66 75 67 76 if (lookupNamespaceURIFunc.IsEmpty() && !m_resolver->IsFunction()) { 68 Frame* frame = V8Proxy::retrieveFrameForEnteredContext();77 Frame* frame = proxy->frame(); 69 78 logInfo(frame, "XPathNSResolver does not have a lookupNamespaceURI method.", String()); 70 79 return String(); … … 79 88 v8::Handle<v8::Function> function = lookupNamespaceURIFunc.IsEmpty() ? v8::Handle<v8::Function>::Cast(m_resolver) : lookupNamespaceURIFunc; 80 89 81 V8Proxy* proxy = V8Proxy::retrieve();82 90 v8::Handle<v8::Value> retval = proxy->callFunction(function, m_resolver, argc, argv); 83 91 -
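Review bot: `m_proxy` is stored as a raw `V8Proxy*` in the constructor and dereferenced on every `lookupNamespaceURI` call (`proxy->frame()`, `proxy->callFunction(...)`), but nothing in this file ties the proxy's lifetime to the resolver's. `callFunction` runs page script, so if that script can tear down the frame owning the proxy, a later lookup on the same resolver would read a dangling pointer; this is inferred, since V8Proxy ownership is not shown here. The class comment added in V8CustomXPathNSResolver.h states the lifetime rule only for the handle and should cover the proxy too, e.g. `// m_proxy is not owned; the V8Proxy must outlive this resolver.` Separately, `proxy->frame()` is handed to `logInfo` without a null check, and whether `logInfo` accepts a null frame is not visible in this hunk.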
trunk/WebCore/bindings/v8/custom/V8CustomXPathNSResolver.h
r46383 r50785 43 43 44 44 class String; 45 class V8Proxy; 45 46 47 // V8CustomXPathNSResolver does not create a persistent handle to the 48 // given resolver object. So the lifetime of V8CustomXPathNSResolver 49 // must not exceed the lifetime of the passed handle. 46 50 class V8CustomXPathNSResolver : public XPathNSResolver { 47 51 public: 48 static PassRefPtr<V8CustomXPathNSResolver> create( v8::Handle<v8::Object> resolver);52 static PassRefPtr<V8CustomXPathNSResolver> create(V8Proxy* proxy, v8::Handle<v8::Object> resolver); 49 53 50 54 virtual ~V8CustomXPathNSResolver(); … … 52 56 53 57 private: 54 V8CustomXPathNSResolver( v8::Handle<v8::Object> resolver);58 V8CustomXPathNSResolver(V8Proxy* proxy, v8::Handle<v8::Object> resolver); 55 59 60 V8Proxy* m_proxy; 56 61 v8::Handle<v8::Object> m_resolver; // Handle to resolver object. 57 62 }; -
trunk/WebCore/bindings/v8/custom/V8DocumentCustom.cpp
r50733 r50785 62 62 contextNode = V8DOMWrapper::convertDOMWrapperToNode<Node>(v8::Handle<v8::Object>::Cast(args[1])); 63 63 64 RefPtr<XPathNSResolver> resolver = V8DOMWrapper::getXPathNSResolver(args[2] );64 RefPtr<XPathNSResolver> resolver = V8DOMWrapper::getXPathNSResolver(args[2], V8Proxy::retrieve(V8Proxy::retrieveFrameForCallingContext())); 65 65 if (!resolver && !args[2]->IsNull() && !args[2]->IsUndefined()) 66 66 return throwError(TYPE_MISMATCH_ERR);
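Review bot: The result of `V8Proxy::retrieveFrameForCallingContext()` is passed straight into `V8Proxy::retrieve(...)` with no check, so when there is no calling-context frame the resolver presumably receives a null proxy and silently reverts to `V8Proxy::retrieve()` inside `lookupNamespaceURI`. If that fallback is intended here, say so in a comment; if not, return early before building the resolver. Hoisting the expression into a named local, `V8Proxy* callingProxy = V8Proxy::retrieve(V8Proxy::retrieveFrameForCallingContext());`, with a one-line comment on why the calling context is the right one would also make the call readable. The enclosing callback starts and ends outside this hunk.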