[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

abarth at webkit.org abarth at webkit.org
Wed Apr 7 23:15:52 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 079776afac3b17746187197244eb50a3418e2e7e
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Oct 30 06:51:51 2009 +0000

    2009-10-29  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Dimitri Glazkov.
    
            [V8] Out-of-memory crash in isolated worlds
            https://bugs.webkit.org/show_bug.cgi?id=30906
    
    We need to handle the fact that creating a v8::Context might fail.  I
    don't know how to test this change because creating a context usually
    only fails when V8 decides it's using too much memory.
    
            * bindings/v8/V8IsolatedWorld.cpp:
            (WebCore::V8IsolatedWorld::V8IsolatedWorld):
            * bindings/v8/V8Proxy.cpp:
            (WebCore::V8Proxy::evaluateInIsolatedWorld):
            (WebCore::V8Proxy::evaluateInNewContext):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50319 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 218b662..b29f885 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2009-10-29  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        [V8] Out-of-memory crash in isolated worlds
+        https://bugs.webkit.org/show_bug.cgi?id=30906
+
+        We need to handle the fact that creating a V8:Context might fail.  I
+        don't know how to test this change because creating a context usually
+        only fails when V8 decides it's using too much memory.
+
+        * bindings/v8/V8IsolatedWorld.cpp:
+        (WebCore::V8IsolatedWorld::V8IsolatedWorld):
+        * bindings/v8/V8Proxy.cpp:
+        (WebCore::V8Proxy::evaluateInIsolatedWorld):
+        (WebCore::V8Proxy::evaluateInNewContext):
+
 2009-10-29  Erik Arvidsson  <arv at chromium.org>
 
         Reviewed by Eric Seidel.
diff --git a/WebCore/bindings/v8/V8IsolatedWorld.cpp b/WebCore/bindings/v8/V8IsolatedWorld.cpp
index d4e4f52..a417930 100644
--- a/WebCore/bindings/v8/V8IsolatedWorld.cpp
+++ b/WebCore/bindings/v8/V8IsolatedWorld.cpp
@@ -58,6 +58,8 @@ V8IsolatedWorld::V8IsolatedWorld(V8Proxy* proxy, int extensionGroup)
 
     v8::HandleScope scope;
     m_context = SharedPersistent<v8::Context>::create(proxy->createNewContext(v8::Handle<v8::Object>(), extensionGroup));
+    if (m_context->get().IsEmpty())
+        return;
 
     // Run code in the new context.
     v8::Context::Scope context_scope(m_context->get());
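Review bot: The early return after the `IsEmpty()` check leaves a V8IsolatedWorld whose context is empty and whose remaining construction steps are skipped, but nothing at the return records that the caller is now responsible for deleting the object directly. A comment would make that contract explicit: `// Context creation failed (V8 is typically out of memory). The world is left half-constructed; callers must check context().IsEmpty() and delete it.` Whether the direct delete in V8Proxy is safe depends on the weak-GC-callback registration that normally frees a world happening after this return rather than before it; that part of the constructor is outside the hunk, so it is worth confirming that no callback is registered before this point. The constructor body continues past the end of the hunk.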
diff --git a/WebCore/bindings/v8/V8IsolatedWorld.h b/WebCore/bindings/v8/V8IsolatedWorld.h
index 663f4bd..2b23092 100644
--- a/WebCore/bindings/v8/V8IsolatedWorld.h
+++ b/WebCore/bindings/v8/V8IsolatedWorld.h
@@ -61,6 +61,7 @@ namespace WebCore {
         // Creates an isolated world. To destroy it, call destroy().
         // This will delete the isolated world when the context it owns is GC'd.
         V8IsolatedWorld(V8Proxy* proxy, int extensionGroup);
+        ~V8IsolatedWorld();
 
         // Call this to destroy the isolated world. It will be deleted sometime
         // after this call, once all script references to the world's context
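Review bot: The destructor is moved to the public section without a comment, while the constructor's comment above it still says the only way to destroy a world is `destroy()`, so a reader now sees two contradictory ownership rules. A one-line comment on the new declaration would resolve it: `// Public only so that V8Proxy can delete a world whose context failed to be created (context().IsEmpty()); every other owner must use destroy().` The second hunk in this file only removes the old private declaration and needs no further change.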
@@ -93,8 +94,6 @@ namespace WebCore {
         DOMDataStore* getDOMDataStore() const { return m_domDataStore.getStore(); }
 
     private:
-        ~V8IsolatedWorld();
-
         static V8IsolatedWorld* getEnteredImpl();
 
         // Called by the garbage collector when our JavaScript context is about
diff --git a/WebCore/bindings/v8/V8Proxy.cpp b/WebCore/bindings/v8/V8Proxy.cpp
index 1e2100c..2ffb232 100644
--- a/WebCore/bindings/v8/V8Proxy.cpp
+++ b/WebCore/bindings/v8/V8Proxy.cpp
@@ -282,6 +282,11 @@ void V8Proxy::evaluateInIsolatedWorld(int worldID, const Vector<ScriptSourceCode
             world = iter->second;
         } else {
             world = new V8IsolatedWorld(this, extensionGroup);
+            if (world->context().IsEmpty()) {
+                delete world;
+                return;
+            }
+
             m_isolatedWorlds.set(worldID, world);
 
             // Setup context id for JS debugger.
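Review bot: The check-and-delete added after `new V8IsolatedWorld(this, extensionGroup)` is duplicated verbatim in the next hunk of this function, and both copies return silently, so a reader has to inspect two places to learn that evaluateInIsolatedWorld drops the scripts when V8 cannot create a context. Factoring the construction and failure check into one static helper keeps the out-of-memory handling in a single place and lets each call site read as a null check. The helper below replaces the two `new` expressions; the rest of the function (map lookup, debugger context id setup) is unchanged.
```cpp
// Creates an isolated world for this proxy, or returns 0 when V8 could not
// create the world's context (usually because it is out of memory). The
// caller owns the returned world and registers it as before.
static V8IsolatedWorld* createIsolatedWorld(V8Proxy* proxy, int extensionGroup)
{
    V8IsolatedWorld* world = new V8IsolatedWorld(proxy, extensionGroup);
    if (world->context().IsEmpty()) {
        delete world;
        return 0;
    }
    return world;
}

// … unchanged: evaluateInIsolatedWorld prologue and world map lookup …
            world = createIsolatedWorld(this, extensionGroup);
            if (!world)
                return;
            m_isolatedWorlds.set(worldID, world);
// … unchanged: debugger context id setup and the non-registered-world branch, which uses the same helper …
```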
@@ -289,6 +294,10 @@ void V8Proxy::evaluateInIsolatedWorld(int worldID, const Vector<ScriptSourceCode
         }
     } else {
         world = new V8IsolatedWorld(this, extensionGroup);
+        if (world->context().IsEmpty()) {
+            delete world;
+            return;
+        }
     }
 
     v8::Local<v8::Context> context = v8::Local<v8::Context>::New(world->context());
@@ -314,6 +323,9 @@ void V8Proxy::evaluateInNewContext(const Vector<ScriptSourceCode>& sources, int
     ASSERT(V8DOMWrapper::convertDOMWrapperToNative<DOMWindow>(windowWrapper) == m_frame->domWindow());
 
     v8::Persistent<v8::Context> context = createNewContext(v8::Handle<v8::Object>(), extensionGroup);
+    if (context.IsEmpty())
+        return;
+
     v8::Context::Scope contextScope(context);
 
     // Setup context id for JS debugger.
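Review bot: The early return after `createNewContext` discards the caller's scripts without any indication that they never ran, because evaluateInNewContext returns void and nothing is logged or asserted; that is the intended behaviour for an out-of-memory condition, but the bare `return` does not say so. A comment at the return would make the decision visible to the next reader: `// Context creation failed (V8 is usually out of memory); the scripts are dropped because this function has no way to report failure.` The function body continues past the end of the hunk.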
