Title: [105815] trunk/Source/WebCore
- Revision: 105815
- Author: [email protected]
- Date: 2012-01-24 14:52:24 -0800 (Tue, 24 Jan 2012)
Log Message
[Chromium][V8] DOMWindow::postMessage crashes if window disassociated with frame.
https://bugs.webkit.org/show_bug.cgi?id=76944.
Reviewed by David Levin.
* bindings/v8/V8Proxy.cpp:
(WebCore::V8Proxy::retrieveWindowForCallingContext):
* bindings/v8/V8Proxy.h:
* bindings/v8/custom/V8DOMWindowCustom.cpp:
(WebCore::handlePostMessageCallback):
Diff
Modified: trunk/Source/WebCore/ChangeLog (105814 => 105815)
--- trunk/Source/WebCore/ChangeLog 2012-01-24 22:39:21 UTC (rev 105814)
+++ trunk/Source/WebCore/ChangeLog 2012-01-24 22:52:24 UTC (rev 105815)
@@ -1,3 +1,16 @@
+2012-01-24 Dmitry Lomov <[email protected]>
+
+ [Chromium][V8] DOMWindow::postMessage crashes if window disassociated with frame.
+ https://bugs.webkit.org/show_bug.cgi?id=76944.
+
+ Reviewed by David Levin.
+
+ * bindings/v8/V8Proxy.cpp:
+ (WebCore::V8Proxy::retrieveWindowForCallingContext):
+ * bindings/v8/V8Proxy.h:
+ * bindings/v8/custom/V8DOMWindowCustom.cpp:
+ (WebCore::handlePostMessageCallback):
+
2012-01-24 Geoffrey Garen <[email protected]>
Updated bindings test expectations after my last patch.
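Review bot: The new ChangeLog entry lists the touched files and functions but does not say what changed in any of them, and it names no regression test for the crash. Add a short per-function description (for example, that handlePostMessageCallback no longer goes through the calling frame to reach the source window) and either a test or a line explaining why none is included.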
Modified: trunk/Source/WebCore/bindings/v8/V8Proxy.cpp (105814 => 105815)
--- trunk/Source/WebCore/bindings/v8/V8Proxy.cpp 2012-01-24 22:39:21 UTC (rev 105814)
+++ trunk/Source/WebCore/bindings/v8/V8Proxy.cpp 2012-01-24 22:52:24 UTC (rev 105815)
@@ -492,6 +492,14 @@
return retrieveFrame(context);
}
+DOMWindow* V8Proxy::retrieveWindowForCallingContext()
+{
+ v8::Handle<v8::Context> context = v8::Context::GetCalling();
+ if (context.IsEmpty())
+ return 0;
+ return retrieveWindow(context);
+}
+
Frame* V8Proxy::retrieveFrameForCallingContext()
{
v8::Handle<v8::Context> context = v8::Context::GetCalling();
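Review bot: retrieveWindowForCallingContext() returns 0 when v8::Context::GetCalling() is empty, so its result is nullable, yet nothing in the definition says so. Add a comment here or on the declaration stating that 0 is a possible return value, so that callers such as handlePostMessageCallback are written with a null check rather than assuming a valid window.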
Modified: trunk/Source/WebCore/bindings/v8/V8Proxy.h (105814 => 105815)
--- trunk/Source/WebCore/bindings/v8/V8Proxy.h 2012-01-24 22:39:21 UTC (rev 105814)
+++ trunk/Source/WebCore/bindings/v8/V8Proxy.h 2012-01-24 22:52:24 UTC (rev 105815)
@@ -169,6 +169,9 @@
// Returns the window object associated with a context.
static DOMWindow* retrieveWindow(v8::Handle<v8::Context>);
+
+ static DOMWindow* retriveWindowForCallingCOntext();
+
// Returns V8Proxy object of the currently executing context.
static V8Proxy* retrieve();
// Returns V8Proxy object associated with a frame.
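Review bot: The added declaration `retriveWindowForCallingCOntext()` is misspelled ("retrive", "COntext") and duplicates the correctly spelled `retrieveWindowForCallingContext()` declared in the next hunk; the V8Proxy.cpp change defines only the correctly spelled name. Remove this declaration together with the blank lines added around it, leaving a single declaration for the new function.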
@@ -211,6 +214,7 @@
// linking time.
static Frame* retrieveFrameForEnteredContext();
static Frame* retrieveFrameForCurrentContext();
+ static DOMWindow* retrieveWindowForCallingContext();
static Frame* retrieveFrameForCallingContext();
// Returns V8 Context of a frame. If none exists, creates
Modified: trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp (105814 => 105815)
--- trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp 2012-01-24 22:39:21 UTC (rev 105814)
+++ trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp 2012-01-24 22:52:24 UTC (rev 105815)
@@ -296,11 +296,11 @@
static v8::Handle<v8::Value> handlePostMessageCallback(const v8::Arguments& args, bool extendedTransfer)
{
+ // None of these need to be RefPtr because args and context are guaranteed
+ // to hold on to them.
DOMWindow* window = V8DOMWindow::toNative(args.Holder());
+ DOMWindow* source = V8Proxy::retrieveWindowForCallingContext();
- DOMWindow* source = V8Proxy::retrieveFrameForCallingContext()->domWindow();
- ASSERT(source->frame());
-
// This function has variable arguments and can be:
// Per current spec:
// postMessage(message, targetOrigin)
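Review bot: `source` can now be 0, because retrieveWindowForCallingContext() returns 0 for an empty calling context, and the lines shown here drop `ASSERT(source->frame())` without putting any check in its place. Add an explicit null check on `source` before its first use, returning early or raising an error according to this function's convention. The new comment should also say which object keeps each pointer alive, since "args and context" leaves it unclear that `source` depends on the calling context.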