[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

Wed Apr 7 23:16:08 UTC 2010

The following commit has been merged in the webkit-1.2 branch:
commit 3d182b2155ee7bc2ee82bd79463954ab48e5a3fb
Author: yurys at chromium.org <yurys at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Oct 30 10:32:19 2009 +0000

    2009-10-30  Yury Semikhatsky  <yurys at chromium.org>
    
            Reviewed by Pavel Feldman.
    
            Fix Chromium crash in console.log in "deeply recursive" function
    
            Check that result of 'frameSourceName' is not null handle
            before casting it to String.
    
            Allow V8Proxy::sourceName/sourceLineNumber() to report
            that they have failed due to JavaScript stack overflow.
    
            https://bugs.webkit.org/show_bug.cgi?id=30904
    
            * bindings/scripts/CodeGeneratorV8.pm:
            * bindings/v8/ScriptCallStack.cpp:
            (WebCore::ScriptCallStack::create):
            (WebCore::ScriptCallStack::ScriptCallStack):
            * bindings/v8/ScriptCallStack.h:
            * bindings/v8/V8Proxy.cpp:
            (WebCore::V8Proxy::sourceLineNumber):
            (WebCore::V8Proxy::sourceName):
            * bindings/v8/V8Proxy.h:
            * bindings/v8/custom/V8WorkerContextCustom.cpp:
            (WebCore::CALLBACK_FUNC_DECL):
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50327 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 8899ba0..485817b 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,29 @@
+2009-10-30  Yury Semikhatsky  <yurys at chromium.org>
+
+        Reviewed by Pavel Feldman.
+
+        Fix Chromium crash in console.log in "deeply recursive" function 
+
+        Check that result of 'frameSourceName' is not null handle
+        before casting it to String. 
+      
+        Allow V8Proxy::sourceName/sourceLineNumber() to report
+        that they have failed due to JavaScript stack overflow.
+
+        https://bugs.webkit.org/show_bug.cgi?id=30904
+
+        * bindings/scripts/CodeGeneratorV8.pm:
+        * bindings/v8/ScriptCallStack.cpp:
+        (WebCore::ScriptCallStack::create):
+        (WebCore::ScriptCallStack::ScriptCallStack):
+        * bindings/v8/ScriptCallStack.h:
+        * bindings/v8/V8Proxy.cpp:
+        (WebCore::V8Proxy::sourceLineNumber):
+        (WebCore::V8Proxy::sourceName):
+        * bindings/v8/V8Proxy.h:
+        * bindings/v8/custom/V8WorkerContextCustom.cpp:
+        (WebCore::CALLBACK_FUNC_DECL):
+
 2009-10-30  Zoltan Horvath  <zoltan at webkit.org>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/bindings/scripts/CodeGeneratorV8.pm b/WebCore/bindings/scripts/CodeGeneratorV8.pm
index 95b2aa2..0eb5366 100644
--- a/WebCore/bindings/scripts/CodeGeneratorV8.pm
+++ b/WebCore/bindings/scripts/CodeGeneratorV8.pm
@@ -884,7 +884,10 @@ END
     }
 
     if ($function->signature->extendedAttributes->{"CustomArgumentHandling"}) {
-        push(@implContentDecls, "    ScriptCallStack callStack(args, $numParameters);\n");
+        push(@implContentDecls,
+"    OwnPtr<ScriptCallStack> callStack(ScriptCallStack::create(args, $numParameters));\n".
+"    if (!callStack)\n".
+"        return v8::Undefined();\n");
         $implIncludes{"ScriptCallStack.h"} = 1;
     }
     if ($function->signature->extendedAttributes->{"SVGCheckSecurityDocument"}) {
@@ -1528,7 +1531,7 @@ sub GenerateFunctionCallString()
 
     if ($function->signature->extendedAttributes->{"CustomArgumentHandling"}) {
         $functionString .= ", " if not $first;
-        $functionString .= "&callStack";
+        $functionString .= "callStack.get()";
         if ($first) { $first = 0; }
     }
 
diff --git a/WebCore/bindings/v8/ScriptCallStack.cpp b/WebCore/bindings/v8/ScriptCallStack.cpp
index 8eb9478..d9b2fcf 100644
--- a/WebCore/bindings/v8/ScriptCallStack.cpp
+++ b/WebCore/bindings/v8/ScriptCallStack.cpp
@@ -38,8 +38,21 @@
 
 namespace WebCore {
 
-ScriptCallStack::ScriptCallStack(const v8::Arguments& arguments, unsigned skipArgumentCount)
-    : m_lastCaller(String(), V8Proxy::sourceName(), V8Proxy::sourceLineNumber() + 1, arguments, skipArgumentCount)
+ScriptCallStack* ScriptCallStack::create(const v8::Arguments& arguments, unsigned skipArgumentCount) {
+    String sourceName;
+    int sourceLineNumber;
+    if (!V8Proxy::sourceName(sourceName)) {
+        return 0;
+    }
+    if (!V8Proxy::sourceLineNumber(sourceLineNumber)) {
+        return 0;
+    }
+    sourceLineNumber += 1;
+    return new ScriptCallStack(arguments, skipArgumentCount, sourceName, sourceLineNumber);
+}
+
+ScriptCallStack::ScriptCallStack(const v8::Arguments& arguments, unsigned skipArgumentCount, String sourceName, int sourceLineNumber)
+    : m_lastCaller(String(), sourceName, sourceLineNumber, arguments, skipArgumentCount)
     , m_scriptState(new ScriptState(V8Proxy::retrieveFrameForCurrentContext()))
 {
 }
diff --git a/WebCore/bindings/v8/ScriptCallStack.h b/WebCore/bindings/v8/ScriptCallStack.h
index 3ba01c5..f6a7e39 100644
--- a/WebCore/bindings/v8/ScriptCallStack.h
+++ b/WebCore/bindings/v8/ScriptCallStack.h
@@ -45,7 +45,7 @@ namespace WebCore {
 
     class ScriptCallStack : public Noncopyable {
     public:
-        ScriptCallStack(const v8::Arguments&, unsigned skipArgumentCount = 0);
+        static ScriptCallStack* create(const v8::Arguments&, unsigned skipArgumentCount = 0);
         ~ScriptCallStack();
 
         const ScriptCallFrame& at(unsigned) const;
@@ -55,6 +55,8 @@ namespace WebCore {
         ScriptState* state() const { return m_scriptState.get(); }
 
     private:
+        ScriptCallStack(const v8::Arguments& arguments, unsigned skipArgumentCount, String sourceName, int sourceLineNumber);
+    
         ScriptCallFrame m_lastCaller;
         OwnPtr<ScriptState> m_scriptState;
     };
diff --git a/WebCore/bindings/v8/V8Proxy.cpp b/WebCore/bindings/v8/V8Proxy.cpp
index 2ffb232..07063f0 100644
--- a/WebCore/bindings/v8/V8Proxy.cpp
+++ b/WebCore/bindings/v8/V8Proxy.cpp
@@ -1286,35 +1286,40 @@ void V8Proxy::createUtilityContext()
     v8::Script::Compile(v8::String::New(frameSourceNameSource))->Run();
 }
 
-int V8Proxy::sourceLineNumber()
+bool V8Proxy::sourceLineNumber(int& result)
 {
     v8::HandleScope scope;
     v8::Handle<v8::Context> v8UtilityContext = V8Proxy::utilityContext();
     if (v8UtilityContext.IsEmpty())
-        return 0;
+        return false;
     v8::Context::Scope contextScope(v8UtilityContext);
     v8::Handle<v8::Function> frameSourceLine;
     frameSourceLine = v8::Local<v8::Function>::Cast(v8UtilityContext->Global()->Get(v8::String::New("frameSourceLine")));
     if (frameSourceLine.IsEmpty())
-        return 0;
-    v8::Handle<v8::Value> result = v8::Debug::Call(frameSourceLine);
-    if (result.IsEmpty())
-        return 0;
-    return result->Int32Value();
+        return false;
+    v8::Handle<v8::Value> value = v8::Debug::Call(frameSourceLine);
+    if (value.IsEmpty())
+        return false;
+    result = value->Int32Value();
+    return true;
 }
 
-String V8Proxy::sourceName()
+bool V8Proxy::sourceName(String& result)
 {
     v8::HandleScope scope;
     v8::Handle<v8::Context> v8UtilityContext = utilityContext();
     if (v8UtilityContext.IsEmpty())
-        return String();
+        return false;
     v8::Context::Scope contextScope(v8UtilityContext);
     v8::Handle<v8::Function> frameSourceName;
     frameSourceName = v8::Local<v8::Function>::Cast(v8UtilityContext->Global()->Get(v8::String::New("frameSourceName")));
     if (frameSourceName.IsEmpty())
-        return String();
-    return toWebCoreString(v8::Debug::Call(frameSourceName));
+        return false;
+    v8::Handle<v8::Value> value = v8::Debug::Call(frameSourceName);
+    if (value.IsEmpty())
+        return false;
+    result = toWebCoreString(value);
+    return true;
 }
 
 void V8Proxy::registerExtensionWithV8(v8::Extension* extension)
diff --git a/WebCore/bindings/v8/V8Proxy.h b/WebCore/bindings/v8/V8Proxy.h
index 9443ca8..b4bf3c5 100644
--- a/WebCore/bindings/v8/V8Proxy.h
+++ b/WebCore/bindings/v8/V8Proxy.h
@@ -294,8 +294,13 @@ namespace WebCore {
 
         // Function for retrieving the line number and source name for the top
         // JavaScript stack frame.
-        static int sourceLineNumber();
-        static String sourceName();
+        //
+        // It will return true if the line number was successfully retrieved and written
+        // into the |result| parameter, otherwise the function will return false. It may
+        // fail due to a stck overflow in the underlying JavaScript implentation, handling
+        // of such exception is up to the caller.
+        static bool sourceLineNumber(int& result);
+        static bool sourceName(String& result);
 
         v8::Local<v8::Context> context();
 
diff --git a/WebCore/bindings/v8/custom/V8WorkerContextCustom.cpp b/WebCore/bindings/v8/custom/V8WorkerContextCustom.cpp
index 36c7001..627a54e 100644
--- a/WebCore/bindings/v8/custom/V8WorkerContextCustom.cpp
+++ b/WebCore/bindings/v8/custom/V8WorkerContextCustom.cpp
@@ -100,8 +100,13 @@ CALLBACK_FUNC_DECL(WorkerContextImportScripts)
     if (!args.Length())
         return v8::Undefined();
 
-    String callerURL = V8Proxy::sourceName();
-    int callerLine = V8Proxy::sourceLineNumber() + 1;
+    String callerURL;
+    if (!V8Proxy::sourceName(callerURL))
+        return v8::Undefined();
+    int callerLine;
+    if (!V8Proxy::sourceLineNumber(callerLine))
+        return v8::Undefined();
+    callerLine += 1;
 
     Vector<String> urls;
     for (int i = 0; i < args.Length(); i++) {

-- 
WebKit Debian packaging

