Title: [132691] branches/chromium/1271
Revision: 132691
Author: kar...@chromium.org
Date: 2012-10-26 13:59:00 -0700 (Fri, 26 Oct 2012)
Log Message
Merge 132371 - Crash when trying to write exception message to null console
https://bugs.webkit.org/show_bug.cgi?id=99658
Patch by Toni Barzic <tbar...@chromium.org> on 2012-10-24
Reviewed by Adam Barth.
Source/WebCore:
DOMWindow::console may return NULL, so we should do a NULL check before adding message to it.
This may happen e.g. if a worker throws an exception just as the document is being replaced in the view.
The exception task could be processed after current window in the frame changes, and console in the document window is nulled.
Test: fast/workers/worker-exception-during-navigation.html
* dom/Document.cpp:
(WebCore::Document::addMessage):
LayoutTests:
The test creates a bunch of workers that throw an exception as soon as they are loaded and then tries to change the current document.
The test passes if there is no crash.
Unfortunately, the test is inherently flaky and may produce some false positive results (but should never fail if there is no bug).
* fast/workers/resources/worker-exception.js: Added.
* fast/workers/worker-exception-during-navigation-expected.txt: Added.
* fast/workers/worker-exception-during-navigation.html: Added.
TBR=commit-qu...@webkit.org
Review URL: https://codereview.chromium.org/11320014
Diff
Copied: branches/chromium/1271/LayoutTests/fast/workers/resources/worker-exception.js (from rev 132371, trunk/LayoutTests/fast/workers/resources/worker-exception.js) (0 => 132691)
--- branches/chromium/1271/LayoutTests/fast/workers/resources/worker-exception.js (rev 0)
+++ branches/chromium/1271/LayoutTests/fast/workers/resources/worker-exception.js 2012-10-26 20:59:00 UTC (rev 132691)
@@ -0,0 +1 @@
+throw "Exception in worker";
Copied: branches/chromium/1271/LayoutTests/fast/workers/worker-exception-during-navigation-expected.txt (from rev 132371, trunk/LayoutTests/fast/workers/worker-exception-during-navigation-expected.txt) (0 => 132691)
--- branches/chromium/1271/LayoutTests/fast/workers/worker-exception-during-navigation-expected.txt (rev 0)
+++ branches/chromium/1271/LayoutTests/fast/workers/worker-exception-during-navigation-expected.txt 2012-10-26 20:59:00 UTC (rev 132691)
@@ -0,0 +1,8 @@
+CONSOLE MESSAGE: line 27: Creating the workers.
+CONSOLE MESSAGE: line 44: Unloading the current document to see if there will be a crash.
+CONSOLE MESSAGE: line 12: No crashes: PASSED!
+The regression test for Bug 99658
+
+The test starts bunch of workers that just throw an exception. During that time, current document is unloaded. The test passes if there are no crashes after the page unload.
+
+Note that the test is potentially flaky and may produce false positives if we are unlucky with the worker exceptions timing. It should not fail if there is no bug though.
Copied: branches/chromium/1271/LayoutTests/fast/workers/worker-exception-during-navigation.html (from rev 132371, trunk/LayoutTests/fast/workers/worker-exception-during-navigation.html) (0 => 132691)
--- branches/chromium/1271/LayoutTests/fast/workers/worker-exception-during-navigation.html (rev 0)
+++ branches/chromium/1271/LayoutTests/fast/workers/worker-exception-during-navigation.html 2012-10-26 20:59:00 UTC (rev 132691)
@@ -0,0 +1,51 @@
+<body _onload_="test()">
+<p>The regression test for <a href="" 99658</a></p>
+<p>The test starts bunch of workers that just throw an exception. During that time, current document is unloaded. The test passes if there are no crashes after the page unload.</p>
+<p>Note that the test is potentially flaky and may produce false positives if we are unlucky with the worker exceptions timing. It should not fail if there is no bug though.</p>
+<script src=""
+<script>
+function test() {
+ if (document.location.search == "?done") {
+ // Set timeout to give the test some time to crash.
+ setTimeout(function() {
+ if (window.testRunner) {
+ console.log("No crashes: PASSED!");
+ testRunner.notifyDone();
+ }
+ }, 100);
+ return;
+ }
+
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ }
+
+ // Create sufficiently large number of workers in hopes that one of the exceptions they throw will be processed in short time interval in
+ // which it could case the crash from the bug.
+ var workers = [];
+ console.log("Creating the workers.")
+ for (var i = 0; i < 30; i++) {
+ setTimeout(function() {
+ try {
+ var worker = new Worker('resources/worker-exception.js');
+ worker._onerror_ = function(evt) {
+ // The number of worker exceptions that will be catched is not deterministic,
+ // so let's make sire the excption is not written to console to have deterministic text output.
+ evt.preventDefault();
+ };
+ workers.push(worker);
+ } catch (ex) {
+ }
+ }, i / 2);
+ }
+
+ setTimeout(function() {
+ console.log("Unloading the current document to see if there will be a crash.");
+ document.location.href = ""
+ workers = null;
+ gc();
+ }, 10);
+}
+</script>
+</body>
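Review bot: The empty `catch (ex) { }` around `new Worker('resources/worker-exception.js')` hides construction failures, so a run in which no worker ever started can still log "No crashes: PASSED!"; consider recording the failure in the catch block or checking that `workers` is non-empty before the unload timer fires. The race also rests on fixed delays (`i / 2`, 10 and 100 ms) and `gc()` is called without a guard right after `document.location.href` is assigned, so a short comment on why those values were chosen would help whoever has to debug a flaky run. The code comments also carry typos ("case the crash", "catched", "sire", "excption").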
Modified: branches/chromium/1271/Source/WebCore/dom/Document.cpp (132690 => 132691)
--- branches/chromium/1271/Source/WebCore/dom/Document.cpp 2012-10-26 20:41:25 UTC (rev 132690)
+++ branches/chromium/1271/Source/WebCore/dom/Document.cpp 2012-10-26 20:59:00 UTC (rev 132691)
@@ -5241,8 +5241,10 @@
return;
}
- if (DOMWindow* window = domWindow())
- window->console()->addMessage(source, type, level, message, sourceURL, lineNumber, callStack);
+ if (DOMWindow* window = domWindow()) {
+ if (Console* console = window->console())
+ console->addMessage(source, type, level, message, sourceURL, lineNumber, callStack);
+ }
}
struct PerformTaskContext {
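Review bot: The new inner check `if (Console* console = window->console())` silently drops the message when the console is null, and nothing in the code says when that happens; the log message explains it (a worker exception task processed after the frame's window has changed), and a one-line comment above the check would keep that reasoning next to the code. Since this fix treats a null return from `console()` as an expected state, other call sites that chain `window->console()->...` are worth checking for the same unchecked dereference. An early return on a null window or console would also read flatter than the added nesting.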