[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.16-1409-g5afdf4d
eric at webkit.org
Thu Dec 3 13:22:59 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit f7d4af8f3b92de242722dcc920060433ee29bb06
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Oct 29 20:15:13 2009 +0000
2009-10-29 Adam Barth <abarth at webkit.org>
Reviewed by Dimitri Glazkov.
[V8] Out-of-memory crash in isolated worlds
https://bugs.webkit.org/show_bug.cgi?id=30906
We need to handle the fact that creating a V8:Context might fail. I
don't know how to test this change because creating a context usually
only fails when V8 decides it's using too much memory.
* bindings/v8/V8IsolatedWorld.cpp:
(WebCore::V8IsolatedWorld::V8IsolatedWorld):
* bindings/v8/V8Proxy.cpp:
(WebCore::V8Proxy::evaluateInIsolatedWorld):
(WebCore::V8Proxy::evaluateInNewContext):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50296 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 71041f8..305ba9b 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2009-10-29 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ [V8] Out-of-memory crash in isolated worlds
+ https://bugs.webkit.org/show_bug.cgi?id=30906
+
+ We need to handle the fact that creating a V8:Context might fail. I
+ don't know how to test this change because creating a context usually
+ only fails when V8 decides it's using too much memory.
+
+ * bindings/v8/V8IsolatedWorld.cpp:
+ (WebCore::V8IsolatedWorld::V8IsolatedWorld):
+ * bindings/v8/V8Proxy.cpp:
+ (WebCore::V8Proxy::evaluateInIsolatedWorld):
+ (WebCore::V8Proxy::evaluateInNewContext):
+
2009-10-29 Gustavo Noronha Silva <gustavo.noronha at collabora.co.uk>
Reviewed by Xan Lopez.
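Review bot: The ChangeLog entry says the failure is "handled" but not how, and the chosen behaviour (the script is silently skipped, with no error reported to the caller or logged) is the part a future reader will need to know. Suggest adding one sentence to the description, for example "If context creation fails we silently skip evaluating the script", and writing the type as `v8::Context` rather than `V8:Context` to match the identifier used in the code.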
diff --git a/WebCore/bindings/v8/V8IsolatedWorld.cpp b/WebCore/bindings/v8/V8IsolatedWorld.cpp
index d4e4f52..d71ec78 100644
--- a/WebCore/bindings/v8/V8IsolatedWorld.cpp
+++ b/WebCore/bindings/v8/V8IsolatedWorld.cpp
@@ -58,6 +58,8 @@ V8IsolatedWorld::V8IsolatedWorld(V8Proxy* proxy, int extensionGroup)
v8::HandleScope scope;
m_context = SharedPersistent<v8::Context>::create(proxy->createNewContext(v8::Handle<v8::Object>(), extensionGroup));
+ if (m_context.IsEmpty())
+ return;
// Run code in the new context.
v8::Context::Scope context_scope(m_context->get());
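Review bot: The new check `m_context.IsEmpty()` is inconsistent with the line two below it, `m_context->get()`, which treats `m_context` as a smart pointer to the `SharedPersistent<v8::Context>` returned by `SharedPersistent<v8::Context>::create(...)`. The wrapper object itself is never empty; the handle it holds is what `createNewContext` leaves empty on failure, so the test should be `if (m_context->get().IsEmpty()) return;`. Worth a comment on the early return too, since it leaves the object half-constructed and relies on every caller checking `context()` before use.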
diff --git a/WebCore/bindings/v8/V8Proxy.cpp b/WebCore/bindings/v8/V8Proxy.cpp
index 1e2100c..2ffb232 100644
--- a/WebCore/bindings/v8/V8Proxy.cpp
+++ b/WebCore/bindings/v8/V8Proxy.cpp
@@ -282,6 +282,11 @@ void V8Proxy::evaluateInIsolatedWorld(int worldID, const Vector<ScriptSourceCode
world = iter->second;
} else {
world = new V8IsolatedWorld(this, extensionGroup);
+ if (world->context().IsEmpty()) {
+ delete world;
+ return;
+ }
+
m_isolatedWorlds.set(worldID, world);
// Setup context id for JS debugger.
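Review bot: `new V8IsolatedWorld(this, extensionGroup)` followed by `delete world` on failure means the destructor now runs against an object whose constructor returned early with an empty context handle; the destructor is not in this patch, so please confirm it copes with that state (nothing to dispose, no registration to undo). The caller also gets no indication that the script was dropped; at minimum a comment here saying this is a deliberate silent failure on out-of-memory would help, and a `LOG`/diagnostic would make the condition observable.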
@@ -289,6 +294,10 @@ void V8Proxy::evaluateInIsolatedWorld(int worldID, const Vector<ScriptSourceCode
}
} else {
world = new V8IsolatedWorld(this, extensionGroup);
+ if (world->context().IsEmpty()) {
+ delete world;
+ return;
+ }
}
v8::Local<v8::Context> context = v8::Local<v8::Context>::New(world->context());
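Review bot: This block duplicates the check-and-delete sequence from the previous hunk verbatim. Rather than repeating `if (world->context().IsEmpty()) { delete world; return; }` at each call site, consider a factory on `V8IsolatedWorld` that returns 0 when context creation fails, so the two branches collapse to `if (!world) return;` and a third caller cannot forget the check.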
@@ -314,6 +323,9 @@ void V8Proxy::evaluateInNewContext(const Vector<ScriptSourceCode>& sources, int
ASSERT(V8DOMWrapper::convertDOMWrapperToNative<DOMWindow>(windowWrapper) == m_frame->domWindow());
v8::Persistent<v8::Context> context = createNewContext(v8::Handle<v8::Object>(), extensionGroup);
+ if (context.IsEmpty())
+ return;
+
v8::Context::Scope contextScope(context);
// Setup context id for JS debugger.
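Review bot: The early return here, like the ones in `evaluateInIsolatedWorld`, depends on `createNewContext` returning an empty `v8::Persistent<v8::Context>` on failure; that contract is not stated anywhere in the patch. Please document it at the declaration of `createNewContext` (and in the ChangeLog), otherwise a later change that makes it assert or return a half-initialised context would silently defeat all three checks.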
--
WebKit Debian packaging