Changeset 58084 in webkit
- Timestamp:
- Apr 22, 2010 3:41:05 AM (14 years ago)
- Location:
- trunk/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
bindings/v8/V8AbstractEventListener.cpp (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r58078 r58084 1 2010-04-22 Anton Muhin <antonm@chromium.org> 2 3 Reviewed by Adam Barth. 4 5 [v8] Do not pass empty handle into SetHiddenValue which would crash. 6 https://bugs.webkit.org/show_bug.cgi?id=37801 7 8 * bindings/v8/V8AbstractEventListener.cpp: 9 (WebCore::V8AbstractEventListener::handleEvent): add couple of asserts to check for unexpected paths 10 (WebCore::V8AbstractEventListener::invokeEventHandler): bail out of jsEvent is empty handle 11 1 12 2010-04-22 Stephan Aßmus <superstippi@gmx.de> 2 13 -
trunk/WebCore/bindings/v8/V8AbstractEventListener.cpp
r56329 r58084 72 72 void V8AbstractEventListener::handleEvent(ScriptExecutionContext* context, Event* event) 73 73 { 74 ASSERT(event); 75 74 76 // The callback function on XMLHttpRequest can clear the event listener and destroys 'this' object. Keep a local reference to it. 75 77 // See issue 889829. … … 87 89 // Get the V8 wrapper for the event object. 88 90 v8::Handle<v8::Value> jsEvent = toV8(event); 91 ASSERT(!jsEvent.IsEmpty()); 89 92 90 93 invokeEventHandler(context, event, jsEvent); … … 115 118 void V8AbstractEventListener::invokeEventHandler(ScriptExecutionContext* context, Event* event, v8::Handle<v8::Value> jsEvent) 116 119 { 120 // If jsEvent is empty, attempt to set it as a hidden value would crash v8. 121 if (jsEvent.IsEmpty()) 122 return; 117 123 118 124 v8::Local<v8::Context> v8Context = toV8Context(context, worldContext());
Note: See TracChangeset
for help on using the changeset viewer.
