[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
eric at webkit.org
eric at webkit.org
Thu Apr 8 01:17:17 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit 1f108f691a2db33eb7c1887c3d424a0fc9e72c16
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 20 14:15:00 2010 +0000
2010-01-20 Kent Tamura <tkent at chromium.org>
Reviewed by Adam Barth.
[Chromium][V8] Fix null pointer dereference in V8Proxy::retrieve().
https://bugs.webkit.org/show_bug.cgi?id=33886
This is equivalent to r53433, and fix a crash by
LayoutTests/http/tests/appcache/destroyed-iframe.html.
* bindings/v8/V8Proxy.cpp:
(WebCore::V8Proxy::retrieve): Check if context is null.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53546 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index f6696a7..e9a59f7 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-01-20 Kent Tamura <tkent at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ [Chromium][V8] Fix null pointer dereference in V8Proxy::retrieve().
+ https://bugs.webkit.org/show_bug.cgi?id=33886
+
+ This is equivalent to r53433, and fix a crash by
+ LayoutTests/http/tests/appcache/destroyed-iframe.html.
+
+ * bindings/v8/V8Proxy.cpp:
+ (WebCore::V8Proxy::retrieve): Check if context is null.
+
2010-01-20 Alexander Pavlov <apavlov at chromium.org>
Reviewed by Timothy Hatcher.
diff --git a/WebCore/bindings/v8/V8Proxy.cpp b/WebCore/bindings/v8/V8Proxy.cpp
index d6c27e9..5ab36da 100644
--- a/WebCore/bindings/v8/V8Proxy.cpp
+++ b/WebCore/bindings/v8/V8Proxy.cpp
@@ -552,7 +552,7 @@ V8Proxy* V8Proxy::retrieve(Frame* frame)
V8Proxy* V8Proxy::retrieve(ScriptExecutionContext* context)
{
- if (!context->isDocument())
+ if (!context || !context->isDocument())
return 0;
return retrieve(static_cast<Document*>(context)->frame());
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list