Changeset 57991 in webkit

Timestamp:

Apr 21, 2010 10:21:36 AM (14 years ago)

Author:

eric@webkit.org

Message:

2010-04-21 anton muhin <​antonm@google.com>

Reviewed by Adam Barth.

[v8] Bail out if fetching of Object.prototype fails.
​https://bugs.webkit.org/show_bug.cgi?id=37661

If for any reason we failed to fetch Object.prototype, context cannot
be properly initialized and we bail out.

• bindings/v8/V8DOMWindowShell.cpp: (WebCore::V8DOMWindowShell::initContextIfNeeded): bail out if installHiddenObjectPrototype failed (WebCore::V8DOMWindowShell::installHiddenObjectPrototype): bail out if failed to fetch Object.prototype
• bindings/v8/V8DOMWindowShell.h: return false if installHiddenObjectPrototype failed

Location:

trunk/WebCore

Files:

• ChangeLog (modified) (1 diff)
• bindings/v8/V8DOMWindowShell.cpp (modified) (3 diffs)
• bindings/v8/V8DOMWindowShell.h (modified) (1 diff)

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-04-21  anton muhin  <antonm@google.com>
+
+        Reviewed by Adam Barth.
+
+        [v8] Bail out if fetching of Object.prototype fails.
+        https://bugs.webkit.org/show_bug.cgi?id=37661
+
+        If for any reason we failed to fetch Object.prototype, context cannot
+        be properly initialized and we bail out.
+
+        * bindings/v8/V8DOMWindowShell.cpp:
+        (WebCore::V8DOMWindowShell::initContextIfNeeded): bail out if installHiddenObjectPrototype failed
+        (WebCore::V8DOMWindowShell::installHiddenObjectPrototype): bail out if failed to fetch Object.prototype
+        * bindings/v8/V8DOMWindowShell.h: return false if installHiddenObjectPrototype failed
+
 2010-04-21  Timothy Hatcher  <timothy@apple.com>
 

trunk/WebCore/bindings/v8/V8DOMWindowShell.cpp

@@ -287 +287 @@
     }
 
-    installHiddenObjectPrototype(v8Context);
-
-    if (!installDOMWindow(v8Context, m_frame->domWindow()))
+    if (!installHiddenObjectPrototype(v8Context)) {
         disposeContextHandles();
+        return;
+    }
+
+    if (!installDOMWindow(v8Context, m_frame->domWindow())) {
+        disposeContextHandles();
+        return;
+    }
 
     updateDocument();
@@ -504 +509 @@
 }
 
-void V8DOMWindowShell::installHiddenObjectPrototype(v8::Handle<v8::Context> context)
+bool V8DOMWindowShell::installHiddenObjectPrototype(v8::Handle<v8::Context> context)
 {
     v8::Handle<v8::String> objectString = v8::String::New("Object");
@@ -511 +516 @@
     // Bail out if allocation failed.
     if (objectString.IsEmpty() || prototypeString.IsEmpty() || hiddenObjectPrototypeString.IsEmpty())
-        return;
+        return false;
 
     v8::Handle<v8::Object> object = v8::Handle<v8::Object>::Cast(context->Global()->Get(objectString));
+    // Bail out if fetching failed.
+    if (object.IsEmpty())
+        return false;
     v8::Handle<v8::Value> objectPrototype = object->Get(prototypeString);
+    // Bail out if fetching failed.
+    if (objectPrototype.IsEmpty())
+        return false;
 
     context->Global()->SetHiddenValue(hiddenObjectPrototypeString, objectPrototype);
+
+    return true;
 }
 

trunk/WebCore/bindings/v8/V8DOMWindowShell.h

@@ -75 +75 @@
     static v8::Handle<v8::Value> getHiddenObjectPrototype(v8::Handle<v8::Context>);
     // WARNING: Call |installHiddenObjectPrototype| only on fresh contexts!
-    static void installHiddenObjectPrototype(v8::Handle<v8::Context>);
+    static bool installHiddenObjectPrototype(v8::Handle<v8::Context>);
 
     // To create JS Wrapper objects, we create a cache of a 'boiler plate'