[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

japhet at chromium.org japhet at chromium.org
Thu Apr 8 01:02:34 UTC 2010 

The following commit has been merged in the webkit-1.2 branch:
commit 9e505e508672dbffbd7ae8f6ff2a7a32161ff790
Author: japhet at chromium.org <japhet at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Jan 12 20:44:11 2010 +0000

    2010-01-12  Nate Chapin  <japhet at chromium.org>
    
            Reviewed by Dimitri Glazkov.
    
            Add a null check in case of an event handler with invalid syntax.
    
            Should make fast/js/invalid-syntax--for-function.html not crash in
            Chromium's test shell.
    
            * bindings/v8/V8LazyEventListener.cpp:
            (WebCore::V8LazyEventListener::callListenerFunction): Check the listener object before using it.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53155 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index b42f426..7c6ea3e 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-01-12  Nate Chapin  <japhet at chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        Add a null check in case of an event handler with invalid syntax.
+
+        Should make fast/js/invalid-syntax--for-function.html not crash in
+        Chromium's test shell.
+
+        * bindings/v8/V8LazyEventListener.cpp:
+        (WebCore::V8LazyEventListener::callListenerFunction): Check the listener object before using it.
+
 2010-01-12  Peter Kasting  <pkasting at google.com>
 
         Reviewed by Dimitri Glazkov.
diff --git a/WebCore/bindings/v8/V8LazyEventListener.cpp b/WebCore/bindings/v8/V8LazyEventListener.cpp
index 16b21d6..7f13c5a 100644
--- a/WebCore/bindings/v8/V8LazyEventListener.cpp
+++ b/WebCore/bindings/v8/V8LazyEventListener.cpp
@@ -54,7 +54,11 @@ V8LazyEventListener::V8LazyEventListener(const String& functionName, bool isSVGE
 
 v8::Local<v8::Value> V8LazyEventListener::callListenerFunction(ScriptExecutionContext* context, v8::Handle<v8::Value> jsEvent, Event* event)
 {
-    v8::Local<v8::Function> handlerFunction = v8::Local<v8::Function>::Cast(getListenerObject(context));
+    v8::Local<v8::Object> listenerObject = getListenerObject(context);
+    if (listenerObject.IsEmpty())
+        return v8::Local<v8::Value>();
+
+    v8::Local<v8::Function> handlerFunction = v8::Local<v8::Function>::Cast(listenerObject);
     v8::Local<v8::Object> receiver = getReceiverObject(event);
     if (handlerFunction.IsEmpty() || receiver.IsEmpty())
         return v8::Local<v8::Value>();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list