[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75

eric at webkit.org eric at webkit.org
Thu Oct 29 20:41:08 UTC 2009 

The following commit has been merged in the webkit-1.1 branch:
commit ae76e5a6dad89cd8d9b81bcd80603971564371cb
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Oct 7 17:25:06 2009 +0000

    2009-10-07  Vitaly Repeshko  <vitalyr at chromium.org>
    
            Reviewed by Adam Barth.
    
            [V8] Protect JS listener object from GC while clearing a property on it.
            See http://crbug.com/23780.
            https://bugs.webkit.org/show_bug.cgi?id=30137
    
            * bindings/v8/V8AbstractEventListener.cpp:
            (WebCore::V8AbstractEventListener::~V8AbstractEventListener):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49252 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 6895199..f757f88 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,14 @@
+2009-10-07  Vitaly Repeshko  <vitalyr at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        [V8] Protect JS listener object from GC while clearing a property on it.
+        See http://crbug.com/23780.
+        https://bugs.webkit.org/show_bug.cgi?id=30137
+
+        * bindings/v8/V8AbstractEventListener.cpp:
+        (WebCore::V8AbstractEventListener::~V8AbstractEventListener):
+
 2009-10-07  Zoltan Horvath  <zoltan at webkit.org>
 
         Rubber-stamped by Eric Seidel.
diff --git a/WebCore/bindings/v8/V8AbstractEventListener.cpp b/WebCore/bindings/v8/V8AbstractEventListener.cpp
index 12a2cd9..795358e 100644
--- a/WebCore/bindings/v8/V8AbstractEventListener.cpp
+++ b/WebCore/bindings/v8/V8AbstractEventListener.cpp
@@ -75,8 +75,11 @@ V8AbstractEventListener::V8AbstractEventListener(Frame* frame, PassRefPtr<V8List
 
 V8AbstractEventListener::~V8AbstractEventListener()
 {
-    if (!m_listener.IsEmpty())
-        V8EventListenerList::clearWrapper(m_listener, m_isAttribute);
+    if (!m_listener.IsEmpty()) {
+        v8::HandleScope scope;
+        v8::Local<v8::Object> listener = v8::Local<v8::Object>::New(m_listener);
+        V8EventListenerList::clearWrapper(listener, m_isAttribute);
+    }
     disposeListenerObject();
 }
 

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list