Changeset 60840 in webkit
- Timestamp:
- Jun 8, 2010 5:29:05 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 5 added
- 13 edited
trunk/LayoutTests/ChangeLog
r60839 r60840 1 2010-06-08 Steve Block <steveblock@google.com> 2 3 Reviewed by Jeremy Orlow. 4 5 Prevent Geolocation making callbacks to a ScriptExecutionContext that no longer exists 6 https://bugs.webkit.org/show_bug.cgi?id=40162 7 8 * fast/dom/Geolocation/callback-to-deleted-context-expected.txt: Added. 9 * fast/dom/Geolocation/callback-to-deleted-context.html: Added. 10 * fast/dom/Geolocation/resources/callback-to-deleted-context-inner1.html: Added. 11 * fast/dom/Geolocation/resources/callback-to-deleted-context-inner2.html: Added. 12 * fast/dom/Geolocation/script-tests/callback-to-deleted-context.js: Added. 13 * platform/gtk/Skipped: Modified. 14 1 15 2010-06-08 Steve Block <steveblock@google.com> 2 16 -
trunk/LayoutTests/platform/gtk/Skipped
r60839 r60840 5917 5917 fast/dom/Geolocation/callback-to-remote-context.html 5918 5918 fast/dom/Geolocation/callback-to-remote-context2.html 5919 fast/dom/Geolocation/callback-to-deleted-context.html 5919 5920 5920 5921 # https://bugs.webkit.org/show_bug.cgi?id=40269 -
trunk/WebCore/ChangeLog
r60835 r60840 1 2010-06-08 Steve Block <steveblock@google.com> 2 3 Reviewed by Jeremy Orlow. 4 5 Prevent Geolocation making callbacks to a ScriptExecutionContext that no longer exists 6 https://bugs.webkit.org/show_bug.cgi?id=40162 7 8 Before making callbacks, we check that the relevant ScriptExecutionContext still exists. 9 To achieve this, the callbacks inherit from ActiveDOMObject. 10 11 The ScriptExecutionContext is ref'ed from script, so may not be GC'ed for some time after 12 it is disconnected from its frame. Making the callback currently involves accessing the 13 Frame, so an additional check for the Frame is required. 14 15 This change also prevents the V8 bindings from incorrectly holding a reference to the Frame. 16 17 Test: fast/dom/Geolocation/callback-to-deleted-context.html 18 19 * bindings/js/JSCallbackData.cpp: 20 (WebCore::JSCallbackData::invokeCallback): 21 * bindings/js/JSCustomPositionCallback.cpp: 22 (WebCore::JSCustomPositionCallback::JSCustomPositionCallback): 23 (WebCore::JSCustomPositionCallback::handleEvent): 24 * bindings/js/JSCustomPositionErrorCallback.cpp: 25 (WebCore::JSCustomPositionErrorCallback::JSCustomPositionErrorCallback): 26 (WebCore::JSCustomPositionErrorCallback::handleEvent): 27 * bindings/v8/custom/V8CustomPositionCallback.cpp: 28 (WebCore::V8CustomPositionCallback::V8CustomPositionCallback): 29 (WebCore::V8CustomPositionCallback::handleEvent): 30 * bindings/v8/custom/V8CustomPositionCallback.h: 31 (WebCore::V8CustomPositionCallback::create): 32 * bindings/v8/custom/V8CustomPositionErrorCallback.cpp: 33 (WebCore::V8CustomPositionErrorCallback::V8CustomPositionErrorCallback): 34 (WebCore::V8CustomPositionErrorCallback::handleEvent): 35 * bindings/v8/custom/V8CustomPositionErrorCallback.h: 36 (WebCore::V8CustomPositionErrorCallback::create): 37 * bindings/v8/custom/V8GeolocationCustom.cpp: 38 (WebCore::createPositionCallback): 39 (WebCore::createPositionErrorCallback): 40 * page/PositionCallback.h: 41 
(WebCore::PositionCallback::PositionCallback): 42 * page/PositionErrorCallback.h: 43 (WebCore::PositionErrorCallback::PositionErrorCallback): 44 1 45 2010-06-08 Xan Lopez <xlopez@igalia.com> 2 46 -
trunk/WebCore/bindings/js/JSCallbackData.cpp
r60631 r60840 61 61 62 62 globalObject()->globalData()->timeoutChecker.start(); 63 JSValue result = globalObject()->scriptExecutionContext()->isDocument() 63 ScriptExecutionContext* context = globalObject()->scriptExecutionContext(); 64 // We will fail to get the context if the frame has been detached. 65 if (!context) 66 return JSValue(); 67 68 JSValue result = context->isDocument() 64 69 ? JSMainThreadExecState::call(exec, function, callType, callData, callback(), args) 65 70 : JSC::call(exec, function, callType, callData, callback(), args); -
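Review bot: The new early return at line 66 runs after `globalObject()->globalData()->timeoutChecker.start()` on line 62, so if the remainder of invokeCallback (which continues past this hunk) balances that with a `timeoutChecker.stop()`, the detached-frame path now leaves the timeout checker started. Hoisting the lookup above the `start()` call, `ScriptExecutionContext* context = globalObject()->scriptExecutionContext(); if (!context) return JSValue();`, keeps start/stop paired on every path. Returning an empty `JSValue()` is a new result for callers of invokeCallback; whether they treat it as "no call was made" rather than an error is not visible here and is worth a check.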
trunk/WebCore/bindings/js/JSCustomPositionCallback.cpp
r56781 r60840 39 39 40 40 JSCustomPositionCallback::JSCustomPositionCallback(JSObject* callback, JSDOMGlobalObject* globalObject) 41 : m_data(callback, globalObject) 41 : PositionCallback(globalObject->scriptExecutionContext()) 42 , m_data(callback, globalObject) 42 43 { 43 44 } … … 45 46 void JSCustomPositionCallback::handleEvent(Geoposition* geoposition) 46 47 { 48 // ActiveDOMObject will null our pointer to the ScriptExecutionContext when it goes away. 49 if (!scriptExecutionContext()) 50 return; 51 47 52 RefPtr<JSCustomPositionCallback> protect(this); 48 53 -
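Review bot: The guard at lines 48-50 only covers a ScriptExecutionContext that has already been destroyed; the case the ChangeLog singles out, a context still alive but disconnected from its Frame, is rejected elsewhere in JSCallbackData::invokeCallback, and nothing in this file says so. Extending the comment to `// ActiveDOMObject will null our pointer to the ScriptExecutionContext when it goes away. A context that is still alive but detached from its Frame is rejected in JSCallbackData::invokeCallback.` keeps a later reader from adding a redundant Frame check here. JSCustomPositionErrorCallback::handleEvent in the next file has the identical guard and comment and would take the same wording. Both handleEvent bodies continue past their hunks.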
trunk/WebCore/bindings/js/JSCustomPositionErrorCallback.cpp
r56781 r60840 39 39 40 40 JSCustomPositionErrorCallback::JSCustomPositionErrorCallback(JSObject* callback, JSDOMGlobalObject* globalObject) 41 : m_data(callback, globalObject) 41 : PositionErrorCallback(globalObject->scriptExecutionContext()) 42 , m_data(callback, globalObject) 42 43 { 43 44 } … … 45 46 void JSCustomPositionErrorCallback::handleEvent(PositionError* positionError) 46 47 { 48 // ActiveDOMObject will null our pointer to the ScriptExecutionContext when it goes away. 49 if (!scriptExecutionContext()) 50 return; 51 47 52 RefPtr<JSCustomPositionErrorCallback> protect(this); 48 53 -
trunk/WebCore/bindings/v8/custom/V8CustomPositionCallback.cpp
r60330 r60840 27 27 #include "V8CustomPositionCallback.h" 28 28 29 #include " Frame.h"29 #include "ScriptExecutionContext.h" 30 30 #include "V8CustomVoidCallback.h" // For invokeCallback 31 31 #include "V8Geoposition.h" 32 #include "V8Proxy.h" 32 33 33 34 namespace WebCore { 34 35 35 V8CustomPositionCallback::V8CustomPositionCallback(v8::Local<v8::Object> callback, Frame* frame)36 : m_callback(v8::Persistent<v8::Object>::New(callback))37 , m_ frame(frame)36 V8CustomPositionCallback::V8CustomPositionCallback(v8::Local<v8::Object> callback, ScriptExecutionContext* context) 37 : PositionCallback(context) 38 , m_callback(v8::Persistent<v8::Object>::New(callback)) 38 39 { 39 40 } … … 48 49 v8::HandleScope handleScope; 49 50 50 v8::Handle<v8::Context> context = V8Proxy::context(m_frame.get()); 51 // ActiveDOMObject will null our pointer to the ScriptExecutionContext when it goes away. 52 ScriptExecutionContext* scriptContext = scriptExecutionContext(); 53 if (!scriptContext) 54 return; 55 56 // The lookup of the proxy will fail if the Frame has been detached. 57 V8Proxy* proxy = V8Proxy::retrieve(scriptContext); 58 if (!proxy) 59 return; 60 61 v8::Handle<v8::Context> context = proxy->context(); 51 62 if (context.IsEmpty()) 52 63 return; … … 58 69 }; 59 70 60 // Protect the frameuntil the callback returns.61 RefPtr< Frame> protector(m_frame);71 // Protect the script context until the callback returns. 72 RefPtr<ScriptExecutionContext> protector(scriptContext); 62 73 63 74 bool callbackReturnValue = false; 64 invokeCallback(m_callback, 1, argv, callbackReturnValue, m_frame->document());75 invokeCallback(m_callback, 1, argv, callbackReturnValue, scriptContext); 65 76 } 66 77 -
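Review bot: The thirteen-line prologue added at lines 51-63 (null-context guard, V8Proxy::retrieve, proxy->context()) is duplicated verbatim in V8CustomPositionErrorCallback::handleEvent in the later file, so the two places that decide whether a detached context may still receive a callback can drift apart. Since both files already include V8CustomVoidCallback.h for invokeCallback, a small helper there (or a file-local static in each .cpp) that returns an empty handle when the context or its Frame is gone would let both handleEvent bodies keep only the `context.IsEmpty()` check they already have. The surrounding handleEvent signature is above the hunk and the rest of the body (argv setup, protector, invokeCallback) is unchanged.
```cpp
// Returns an empty handle when the ScriptExecutionContext has gone away or its Frame has been detached.
static v8::Handle<v8::Context> contextForCallback(ScriptExecutionContext* scriptContext)
{
    // ActiveDOMObject will null our pointer to the ScriptExecutionContext when it goes away.
    if (!scriptContext)
        return v8::Handle<v8::Context>();
    // The lookup of the proxy will fail if the Frame has been detached.
    V8Proxy* proxy = V8Proxy::retrieve(scriptContext);
    if (!proxy)
        return v8::Handle<v8::Context>();
    return proxy->context();
}

    // … in handleEvent, replacing lines 51-63 …
    v8::HandleScope handleScope;

    ScriptExecutionContext* scriptContext = scriptExecutionContext();
    v8::Handle<v8::Context> context = contextForCallback(scriptContext);
    if (context.IsEmpty())
        return;
    // … unchanged: argv setup, protector, invokeCallback …
```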
trunk/WebCore/bindings/v8/custom/V8CustomPositionCallback.h
r51540 r60840 28 28 29 29 #include "PositionCallback.h" 30 30 31 #include <v8.h> 31 32 #include <wtf/PassRefPtr.h> … … 36 37 class Frame; 37 38 class Geoposition; 39 class ScriptExecutionContext; 38 40 39 41 class V8CustomPositionCallback : public PositionCallback { 40 42 public: 41 static PassRefPtr<V8CustomPositionCallback> create(v8::Local<v8::Value> value, Frame* frame)43 static PassRefPtr<V8CustomPositionCallback> create(v8::Local<v8::Value> value, ScriptExecutionContext* context) 42 44 { 43 45 ASSERT(value->IsObject()); 44 return adoptRef(new V8CustomPositionCallback(value->ToObject(), frame));46 return adoptRef(new V8CustomPositionCallback(value->ToObject(), context)); 45 47 } 46 48 virtual ~V8CustomPositionCallback(); … … 49 51 50 52 private: 51 V8CustomPositionCallback(v8::Local<v8::Object>, Frame*);53 V8CustomPositionCallback(v8::Local<v8::Object>, ScriptExecutionContext*); 52 54 53 55 v8::Persistent<v8::Object> m_callback; 54 RefPtr<Frame> m_frame;55 56 }; 56 57 -
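Review bot: `class Frame;` at line 37 is now a stale forward declaration in this header: its only user, `RefPtr<Frame> m_frame`, is removed, and both `create()` and the private constructor now take `ScriptExecutionContext*`. Dropping the line keeps the header from advertising a dependency it no longer has. V8CustomPositionErrorCallback.h later in this changeset carries the same leftover.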
trunk/WebCore/bindings/v8/custom/V8CustomPositionErrorCallback.cpp
r60330 r60840 27 27 #include "V8CustomPositionErrorCallback.h" 28 28 29 #include " Frame.h"29 #include "ScriptExecutionContext.h" 30 30 #include "V8CustomVoidCallback.h" // For invokeCallback 31 31 #include "V8PositionError.h" 32 #include "V8Proxy.h" 32 33 33 34 namespace WebCore { 34 35 35 V8CustomPositionErrorCallback::V8CustomPositionErrorCallback(v8::Local<v8::Object> callback, Frame* frame)36 : m_callback(v8::Persistent<v8::Object>::New(callback))37 , m_ frame(frame)36 V8CustomPositionErrorCallback::V8CustomPositionErrorCallback(v8::Local<v8::Object> callback, ScriptExecutionContext* context) 37 : PositionErrorCallback(context) 38 , m_callback(v8::Persistent<v8::Object>::New(callback)) 38 39 { 39 40 } … … 48 49 v8::HandleScope handleScope; 49 50 50 v8::Handle<v8::Context> context = V8Proxy::context(m_frame.get()); 51 // ActiveDOMObject will null our pointer to the ScriptExecutionContext when it goes away. 52 ScriptExecutionContext* scriptContext = scriptExecutionContext(); 53 if (!scriptContext) 54 return; 55 56 // The lookup of the proxy will fail if the Frame has been detached. 57 V8Proxy* proxy = V8Proxy::retrieve(scriptContext); 58 if (!proxy) 59 return; 60 61 v8::Handle<v8::Context> context = proxy->context(); 51 62 if (context.IsEmpty()) 52 63 return; … … 58 69 }; 59 70 60 // Protect the frameuntil the callback returns.61 RefPtr< Frame> protector(m_frame);71 // Protect the script context until the callback returns. 72 RefPtr<ScriptExecutionContext> protector(scriptContext); 62 73 63 74 bool callbackReturnValue = false; 64 invokeCallback(m_callback, 1, argv, callbackReturnValue, m_frame->document());75 invokeCallback(m_callback, 1, argv, callbackReturnValue, scriptContext); 65 76 } 66 77 -
trunk/WebCore/bindings/v8/custom/V8CustomPositionErrorCallback.h
r51540 r60840 28 28 29 29 #include "PositionErrorCallback.h" 30 30 31 #include <v8.h> 31 32 #include <wtf/PassRefPtr.h> … … 36 37 class Frame; 37 38 class PositionError; 39 class ScriptExecutionContext; 38 40 39 41 class V8CustomPositionErrorCallback : public PositionErrorCallback { 40 42 public: 41 static PassRefPtr<V8CustomPositionErrorCallback> create(v8::Local<v8::Value> value, Frame* frame)43 static PassRefPtr<V8CustomPositionErrorCallback> create(v8::Local<v8::Value> value, ScriptExecutionContext* context) 42 44 { 43 45 ASSERT(value->IsObject()); 44 return adoptRef(new V8CustomPositionErrorCallback(value->ToObject(), frame));46 return adoptRef(new V8CustomPositionErrorCallback(value->ToObject(), context)); 45 47 } 46 48 virtual ~V8CustomPositionErrorCallback(); … … 49 51 50 52 private: 51 V8CustomPositionErrorCallback(v8::Local<v8::Object>, Frame*);53 V8CustomPositionErrorCallback(v8::Local<v8::Object>, ScriptExecutionContext*); 52 54 53 55 v8::Persistent<v8::Object> m_callback; 54 RefPtr<Frame> m_frame;55 56 }; 56 57 -
trunk/WebCore/bindings/v8/custom/V8GeolocationCustom.cpp
r54349 r60840 27 27 #include "V8Geolocation.h" 28 28 29 #include "Frame.h" 29 30 #include "Geolocation.h" 30 31 31 #include "V8Binding.h" 32 32 #include "V8CustomPositionCallback.h" … … 57 57 } 58 58 59 Frame* frame = V8Proxy::retrieveFrameForCurrentContext(); 60 return V8CustomPositionCallback::create(value, frame); 59 return V8CustomPositionCallback::create(value, getScriptExecutionContext()); 61 60 } 62 61 … … 76 75 } 77 76 78 Frame* frame = V8Proxy::retrieveFrameForCurrentContext(); 79 return V8CustomPositionErrorCallback::create(value, frame); 77 return V8CustomPositionErrorCallback::create(value, getScriptExecutionContext()); 80 78 } 81 79 -
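Review bot: The result of `getScriptExecutionContext()` at lines 59 and 77 is handed straight to `create()` without a null check; if it can return 0 here (for instance when there is no current V8 context), the callback is constructed with a null ScriptExecutionContext and its handleEvent silently never fires. If that is the intended behaviour, say so at the call site, `// A null context is tolerated: the callback's handleEvent() returns early when scriptExecutionContext() is null.`; otherwise reject the null before creating the callback. Both createPositionCallback and createPositionErrorCallback begin before their hunks.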
trunk/WebCore/page/PositionCallback.h
r55633 r60840 27 27 #define PositionCallback_h 28 28 29 #include "ActiveDOMObject.h" 29 30 #include <wtf/RefCounted.h> 30 31 … … 33 34 class Geoposition; 34 35 35 class PositionCallback : public RefCounted<PositionCallback> {36 class PositionCallback : public RefCounted<PositionCallback>, public ActiveDOMObject { 36 37 public: 38 PositionCallback(ScriptExecutionContext* context) : ActiveDOMObject(context, this) { } 37 39 virtual ~PositionCallback() { } 38 40 virtual void handleEvent(Geoposition*) = 0; -
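Review bot: The new ActiveDOMObject base at line 36 and the constructor at line 38 carry no comment explaining why an abstract callback interface is now an ActiveDOMObject, and the class overrides none of the lifecycle hooks, so a reader cannot tell which part of the base behaviour is relied upon. A header comment such as `// ActiveDOMObject is used only so that scriptExecutionContext() is nulled when the context is destroyed; subclasses must check it before making the callback. No suspend/resume/stop behaviour is overridden.` would capture the contract the bindings depend on (hedged as the intent I infer from the handleEvent guards in this changeset). Marking the constructor `explicit` costs nothing and matches it being a single-argument constructor. PositionErrorCallback.h in the next file mirrors this exactly and would take the same comment.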
trunk/WebCore/page/PositionErrorCallback.h
r55633 r60840 27 27 #define PositionErrorCallback_h 28 28 29 #include "ActiveDOMObject.h" 29 30 #include <wtf/RefCounted.h> 30 31 … … 33 34 class PositionError; 34 35 35 class PositionErrorCallback : public RefCounted<PositionErrorCallback> {36 class PositionErrorCallback : public RefCounted<PositionErrorCallback>, public ActiveDOMObject { 36 37 public: 38 PositionErrorCallback(ScriptExecutionContext* context) : ActiveDOMObject(context, this) { } 37 39 virtual ~PositionErrorCallback() { } 38 40 virtual void handleEvent(PositionError*) = 0;