[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.16-1409-g5afdf4d

abarth at webkit.org abarth at webkit.org
Thu Dec 3 13:42:48 UTC 2009


The following commit has been merged in the webkit-1.1 branch:
commit 82eaae85435fafe26b6655b87830fa3ea75bd9a2
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Nov 23 19:12:08 2009 +0000

    2009-11-23  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Dimitri Glazkov.
    
            [V8] Don't crash when OOM in creating isolated world
            https://bugs.webkit.org/show_bug.cgi?id=31805
    
            We need to add some more null checks to avoid crashing.  No new tests
            because we don't have a good way to test out-of-memory bugs.
    
            * bindings/v8/V8Proxy.cpp:
            (WebCore::V8Proxy::evaluateInIsolatedWorld):
            (WebCore::V8Proxy::evaluateInNewContext):
            (WebCore::V8Proxy::setInjectedScriptContextDebugId):
            * bindings/v8/V8Proxy.h:
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51312 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c7afde2..124b7b4 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2009-11-23  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        [V8] Don't crash when OOM in creating isolated world
+        https://bugs.webkit.org/show_bug.cgi?id=31805
+
+        We need to add some more null checks to avoid crashing.  No new tests
+        because we don't have a good way to test out-of-memory bugs.
+
+        * bindings/v8/V8Proxy.cpp:
+        (WebCore::V8Proxy::evaluateInIsolatedWorld):
+        (WebCore::V8Proxy::evaluateInNewContext):
+        (WebCore::V8Proxy::setInjectedScriptContextDebugId):
+        * bindings/v8/V8Proxy.h:
+
 2009-11-23  Dirk Schulze  <krit at webkit.org>
 
         Reviewed by Nikolas Zimmermann.
diff --git a/WebCore/bindings/v8/V8Proxy.cpp b/WebCore/bindings/v8/V8Proxy.cpp
index 6969185..89a8b57 100644
--- a/WebCore/bindings/v8/V8Proxy.cpp
+++ b/WebCore/bindings/v8/V8Proxy.cpp
@@ -311,7 +311,11 @@ void V8Proxy::evaluateInIsolatedWorld(int worldID, const Vector<ScriptSourceCode
             m_isolatedWorlds.set(worldID, world);
 
             // Setup context id for JS debugger.
-            setInjectedScriptContextDebugId(world->context());
+            if (!setInjectedScriptContextDebugId(world->context())) {
+                m_isolatedWorlds.take(worldID);
+                delete world;
+                return;
+            }
         }
     } else {
         world = new V8IsolatedWorld(this, extensionGroup);
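Review bot: The new early return after the failed `setInjectedScriptContextDebugId` call silently drops the sources the caller asked to evaluate, and nothing in the branch says so; since the function returns `void` (hunk header), a comment such as `// V8 is out of memory: tear down the half-built world and skip evaluation instead of crashing.` on the new `if` would make that contract explicit. The `delete world` presumably relies on V8IsolatedWorld's destructor disposing the context the world owns — its constructor and destructor are not visible here, so that is worth confirming. The same "take from map, delete" teardown is likely what `resetIsolatedWorlds()` (declared in the header hunk) does; if so a small private helper would keep the two in sync. evaluateInIsolatedWorld starts before and ends after this hunk.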
@@ -350,7 +354,10 @@ void V8Proxy::evaluateInNewContext(const Vector<ScriptSourceCode>& sources, int
     v8::Context::Scope contextScope(context);
 
     // Setup context id for JS debugger.
-    setInjectedScriptContextDebugId(context);
+    if (!setInjectedScriptContextDebugId(context)) {
+        context.Dispose();
+        return;
+    }
 
     v8::Handle<v8::Object> global = context->Global();
 
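Review bot: The added `context.Dispose()` runs while `contextScope`, constructed two lines earlier, is still alive, so the scope's destructor exits a context whose persistent handle has already been disposed; the function's normal tail (`context.Dispose(); }` in the next hunk) has the same ordering, so this is pre-existing rather than new, but the early return now duplicates that teardown and must be kept in sync with whatever cleanup sits between the two. Moving the Dispose after the scope is destroyed — e.g. wrapping the scoped body in its own block, or a small RAII guard that disposes the persistent on every exit — would leave a single exit path. Whether V8's Context::Scope destructor tolerates a disposed persistent cannot be told from this page. evaluateInNewContext starts before this hunk.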
@@ -376,19 +383,29 @@ void V8Proxy::evaluateInNewContext(const Vector<ScriptSourceCode>& sources, int
     context.Dispose();
 }
 
-void V8Proxy::setInjectedScriptContextDebugId(v8::Handle<v8::Context> targetContext)
+bool V8Proxy::setInjectedScriptContextDebugId(v8::Handle<v8::Context> targetContext)
 {
     // Setup context id for JS debugger.
     v8::Context::Scope contextScope(targetContext);
     v8::Handle<v8::Object> contextData = v8::Object::New();
+    if (contextData.IsEmpty())
+        return false;
 
+    if (m_context.IsEmpty())
+        return false;
     v8::Handle<v8::Value> windowContextData = m_context->GetData();
     if (windowContextData->IsObject()) {
         v8::Handle<v8::String> propertyName = v8::String::New(kContextDebugDataValue);
+        if (propertyName.IsEmpty())
+            return false;
         contextData->Set(propertyName, v8::Object::Cast(*windowContextData)->Get(propertyName));
     }
-    contextData->Set(v8::String::New(kContextDebugDataType), v8::String::New("injected"));
+    v8::Handle<v8::String> propertyName = v8::String::New(kContextDebugDataType);
+    if (propertyName.IsEmpty())
+        return false;
+    contextData->Set(propertyName, v8::String::New("injected"));
     targetContext->SetData(contextData);
+    return true;
 }
 
 v8::Local<v8::Value> V8Proxy::evaluate(const ScriptSourceCode& source, Node* node)
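Review bot: `targetContext` itself is never validated before `v8::Context::Scope contextScope(targetContext)` enters it, so a caller whose context creation already failed under OOM (e.g. `world->context()` in the evaluateInIsolatedWorld hunk, or `context` in the evaluateInNewContext hunk) presumably still hands V8 an empty handle before any of the new `IsEmpty()` checks run; add `if (targetContext.IsEmpty()) return false;` as the first statement. On the last added `Set` line, `v8::String::New("injected")` is the one allocation in this function left unchecked, in contrast to the two `propertyName` handles, and the `Get(propertyName)` result on the existing line is likewise passed straight into `Set`. Given the header hunk documents false as "out of memory in V8", checking those two here is the consistent fix.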
diff --git a/WebCore/bindings/v8/V8Proxy.h b/WebCore/bindings/v8/V8Proxy.h
index e299d62..c8628d1 100644
--- a/WebCore/bindings/v8/V8Proxy.h
+++ b/WebCore/bindings/v8/V8Proxy.h
@@ -387,7 +387,8 @@ namespace WebCore {
 
         void resetIsolatedWorlds();
 
-        void setInjectedScriptContextDebugId(v8::Handle<v8::Context> targetContext);
+        // Returns false when we're out of memory in V8.
+        bool setInjectedScriptContextDebugId(v8::Handle<v8::Context> targetContext);
 
         static bool canAccessPrivate(DOMWindow*);
 



