[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
inferno at chromium.org
inferno at chromium.org
Wed Dec 22 11:42:25 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 9f20b508b57d4a457570cf4508d1daf19a403441
Author: inferno at chromium.org <inferno at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Aug 4 13:25:38 2010 +0000
2010-08-03 Abhishek Arya <inferno at chromium.org>
Reviewed by Alexey Proskuryakov.
Null the script execution context when disconnecting frame in notifications.
Make sure that script execution context is valid in notification requestPermission.
https://bugs.webkit.org/show_bug.cgi?id=43295
Tests: fast/notifications/notifications-document-close-crash.html
* bindings/v8/custom/V8NotificationCenterCustom.cpp:
(WebCore::V8NotificationCenter::requestPermissionCallback):
* notifications/NotificationCenter.cpp:
(WebCore::NotificationCenter::disconnectFrame):
2010-08-03 Abhishek Arya <inferno at chromium.org>
Reviewed by Alexey Proskuryakov.
Tests that requesting notification permission on a closed document does
not result in crash.
https://bugs.webkit.org/show_bug.cgi?id=43295
* fast/notifications/notifications-document-close-crash-expected.txt: Added.
* fast/notifications/notifications-document-close-crash.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64647 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index c634442..4cc6975 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-08-03 Abhishek Arya <inferno at chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Tests that requesting notification permission on a closed document does
+ not result in crash.
+ https://bugs.webkit.org/show_bug.cgi?id=43295
+
+ * fast/notifications/notifications-document-close-crash-expected.txt: Added.
+ * fast/notifications/notifications-document-close-crash.html: Added.
+
2010-08-04 Pavel Feldman <pfeldman at chromium.org>
Not reviewed. Chromium test expectations update.
diff --git a/LayoutTests/fast/notifications/notifications-document-close-crash-expected.txt b/LayoutTests/fast/notifications/notifications-document-close-crash-expected.txt
new file mode 100644
index 0000000..875106b
--- /dev/null
+++ b/LayoutTests/fast/notifications/notifications-document-close-crash-expected.txt
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 36: Uncaught Error: INVALID_STATE_ERR: DOM Exception 11
+PASS
diff --git a/LayoutTests/fast/notifications/notifications-document-close-crash.html b/LayoutTests/fast/notifications/notifications-document-close-crash.html
new file mode 100644
index 0000000..433ae0a
--- /dev/null
+++ b/LayoutTests/fast/notifications/notifications-document-close-crash.html
@@ -0,0 +1,50 @@
+<html>
+ <body>
+ <div id="result"></div>
+ <script>
+ if (window.layoutTestController)
+ {
+ layoutTestController.dumpAsText();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.grantDesktopNotificationPermission("file://");
+ layoutTestController.waitUntilDone();
+ }
+
+ if (!window.webkitNotifications) {
+ log("FAIL: No webkitNotifications interface!");
+ }
+
+ var target = window.open("about:blank");
+ var notification = target.webkitNotifications;
+ target.location.reload();
+ var timer = setInterval("crash()", 10);
+ setTimeout("finish()", 100);
+
+ function crash()
+ {
+ var a = [];
+ for (var i = 0; i < 0x100; i++)
+ {
+ try
+ {
+ a.push(new WebGLByteArray());
+ }
+ catch (e) {}
+ a.push(Array(i).join("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
+ }
+ delete a;
+ notification.requestPermission();
+ }
+
+ function finish()
+ {
+ clearInterval(timer);
+ document.getElementById("result").innerHTML = "PASS";
+ target.close();
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ </script>
+ </body>
+</html>
+
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index aae22eb..0ebed49 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-08-03 Abhishek Arya <inferno at chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Null the script execution context when disconnecting frame in notifications.
+ Make sure that script execution context is valid in notification requestPermission.
+ https://bugs.webkit.org/show_bug.cgi?id=43295
+
+ Tests: fast/notifications/notifications-document-close-crash.html
+
+ * bindings/v8/custom/V8NotificationCenterCustom.cpp:
+ (WebCore::V8NotificationCenter::requestPermissionCallback):
+ * notifications/NotificationCenter.cpp:
+ (WebCore::NotificationCenter::disconnectFrame):
+
2010-08-03 Adam Roben <aroben at apple.com>
Turn on PLATFORM_STRATEGIES on Windows
diff --git a/WebCore/bindings/v8/custom/V8NotificationCenterCustom.cpp b/WebCore/bindings/v8/custom/V8NotificationCenterCustom.cpp
index 2ce4780..340f0a8 100644
--- a/WebCore/bindings/v8/custom/V8NotificationCenterCustom.cpp
+++ b/WebCore/bindings/v8/custom/V8NotificationCenterCustom.cpp
@@ -83,6 +83,10 @@ v8::Handle<v8::Value> V8NotificationCenter::requestPermissionCallback(const v8::
NotificationCenter* notificationCenter = V8NotificationCenter::toNative(args.Holder());
ScriptExecutionContext* context = notificationCenter->context();
+ // Make sure that script execution context is valid.
+ if (!context)
+ return throwError(INVALID_STATE_ERR);
+
// Requesting permission is only valid from a page context.
if (context->isWorkerContext())
return throwError(NOT_SUPPORTED_ERR);
diff --git a/WebCore/notifications/NotificationCenter.cpp b/WebCore/notifications/NotificationCenter.cpp
index ec70f0a..a2289ec 100644
--- a/WebCore/notifications/NotificationCenter.cpp
+++ b/WebCore/notifications/NotificationCenter.cpp
@@ -68,6 +68,7 @@ void NotificationCenter::disconnectFrame()
return;
m_notificationPresenter->cancelRequestsForPermission(m_scriptExecutionContext);
m_notificationPresenter = 0;
+ m_scriptExecutionContext = 0;
}
} // namespace WebCore
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list