[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.18-1-697-g2f78b87
ap at apple.com
ap at apple.com
Wed Jan 20 22:28:30 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit b055b929b9184ca9406b9e6f056d1e04599f13b9
Author: ap at apple.com <ap at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Jan 19 00:53:39 2010 +0000
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=33815
Crash when using DOMTimer from a detached frame
Test: fast/dom/Window/timer-null-script-execution-context.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::setTimeout):
(WebCore::JSDOMWindow::setInterval):
* page/DOMWindow.h:
* page/DOMWindow.idl:
Make setTimeout and setInterval raise an exception. It is not specified in HTML5, but both
IE and Firefox do raise an exception in this situation, although different ones.
* page/DOMWindow.cpp:
(WebCore::DOMWindow::setTimeout): Raise INVALID_ACCESS_ERR if script execution context is
null (meaning that the window is detached).
(WebCore::DOMWindow::setInterval): Ditto.
(WebCore::DOMWindow::clearTimeout): Silently return early if there is no script execution
context.
(WebCore::DOMWindow::clearInterval): Ditto.
Raise INVALID_ACCESS_ERR if script execution context is null (meaning .
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53439 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index b9b6512..be26389 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-01-18 Alexey Proskuryakov <ap at apple.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=33815
+ Crash when using DOMTimer from a detached frame
+
+ * fast/dom/Window/timer-null-script-execution-context-expected.txt: Added.
+ * fast/dom/Window/timer-null-script-execution-context.html: Added.
+
2010-01-18 Brian Weinstein <bweinstein at apple.com>
Rubber-stamped by Tim Hatcher.
diff --git a/LayoutTests/fast/dom/Window/timer-null-script-execution-context-expected.txt b/LayoutTests/fast/dom/Window/timer-null-script-execution-context-expected.txt
new file mode 100644
index 0000000..f919fda
--- /dev/null
+++ b/LayoutTests/fast/dom/Window/timer-null-script-execution-context-expected.txt
@@ -0,0 +1,5 @@
+Test for bug 33815: Crash when using DOMTimer from a detached frame.
+
+Pass if no crash.
+
+
diff --git a/LayoutTests/fast/dom/Window/timer-null-script-execution-context.html b/LayoutTests/fast/dom/Window/timer-null-script-execution-context.html
new file mode 100644
index 0000000..6e224cf
--- /dev/null
+++ b/LayoutTests/fast/dom/Window/timer-null-script-execution-context.html
@@ -0,0 +1,42 @@
+<body onload="test()">
+<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=33815">bug 33815</a>: Crash when using DOMTimer from a detached frame.</p>
+<p>Pass if no crash.</p>
+<iframe src="about:blank"></iframe>
+
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function gc()
+{
+ if (window.GCController)
+ return GCController.collect();
+
+ for (var i = 0; i < 10000; i++) { // > force garbage collection (FF requires about 9K allocations before a collect)
+ var s = new String("");
+ }
+}
+
+
+function test()
+{
+ var w = frames[0];
+ var w_setTimeout = w.setTimeout;
+ var w_clearTimeout = w.clearTimeout;
+ var w_setInterval = w.setInterval;
+ var w_clearInterval = w.clearInterval;
+ document.body.removeChild(document.getElementsByTagName("iframe")[0]);
+ setTimeout(function() {
+ gc();
+ try { w_setTimeout.call(w, "", 0); alert("FAIL: no exception") } catch (ex) { }
+ try { w_clearTimeout.call(w, 0) } catch (ex) { }
+ try { w_setInterval.call(w, "", 0); alert("FAIL: no exception") } catch (ex) { }
+ try { w_clearInterval.call(w, 0) } catch (ex) { }
+
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }, 0);
+}
+</script>
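Review bot: The `catch (ex) { }` blocks in `test()` accept any exception, so the test would pass just as well if `setTimeout`/`setInterval` on the detached window threw something other than the INVALID_ACCESS_ERR this commit introduces. Pinning the code would make the test guard the intended behaviour, e.g. `catch (ex) { if (ex.code != DOMException.INVALID_ACCESS_ERR) alert("FAIL: unexpected exception " + ex) }`. The `clearTimeout` and `clearInterval` calls are also wrapped in an empty catch although the commit message says they return silently; an `alert("FAIL: ...")` in those two catch blocks would flag a regression that makes them throw.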
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index e3c87f7..537081c 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,29 @@
+2010-01-18 Alexey Proskuryakov <ap at apple.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=33815
+ Crash when using DOMTimer from a detached frame
+
+ Test: fast/dom/Window/timer-null-script-execution-context.html
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::setTimeout):
+ (WebCore::JSDOMWindow::setInterval):
+ * page/DOMWindow.h:
+ * page/DOMWindow.idl:
+ Make setTimer and setInterval raise an exception. It is not specified in HTML5, but both
+ IE and Firefox do raise an exception in this situation, although different ones.
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::setTimeout): Raise INVALID_ACCESS_ERR if script execution context is
+ null (meaning that the window is detached).
+ (WebCore::DOMWindow::setInterval): Ditto.
+ (WebCore::DOMWindow::clearTimeout): Silently return early if there is no script execution
+ context.
+ (WebCore::DOMWindow::clearInterval): Ditto.
+ Raise INVALID_ACCESS_ERR if script execution context is null (meaning .
+
2010-01-18 Steve Block <steveblock at google.com>
Reviewed by Adam Barth.
diff --git a/WebCore/bindings/js/JSDOMWindowCustom.cpp b/WebCore/bindings/js/JSDOMWindowCustom.cpp
index e6c3e91..a349a0b 100644
--- a/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -929,7 +929,12 @@ JSValue JSDOMWindow::setTimeout(ExecState* exec, const ArgList& args)
if (exec->hadException())
return jsUndefined();
int delay = args.at(1).toInt32(exec);
- return jsNumber(exec, impl()->setTimeout(action, delay));
+
+ ExceptionCode ec = 0;
+ int result = impl()->setTimeout(action, delay, ec);
+ setDOMException(exec, ec);
+
+ return jsNumber(exec, result);
}
JSValue JSDOMWindow::setInterval(ExecState* exec, const ArgList& args)
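Review bot: When `ec` is set, the new code still builds `jsNumber(exec, result)` from the `-1` sentinel after `setDOMException`, while the `hadException()` path two lines above returns `jsUndefined()`. The value is presumably discarded once an exception is pending, but the two error paths would read consistently with `if (ec) { setDOMException(exec, ec); return jsUndefined(); }` ahead of the final return. The same applies to the `setInterval` hunk that follows. Both function bodies start outside their hunks, so the creation of `action` is not visible here.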
@@ -938,7 +943,12 @@ JSValue JSDOMWindow::setInterval(ExecState* exec, const ArgList& args)
if (exec->hadException())
return jsUndefined();
int delay = args.at(1).toInt32(exec);
- return jsNumber(exec, impl()->setInterval(action, delay));
+
+ ExceptionCode ec = 0;
+ int result = impl()->setInterval(action, delay, ec);
+ setDOMException(exec, ec);
+
+ return jsNumber(exec, result);
}
JSValue JSDOMWindow::atob(ExecState* exec, const ArgList& args)
diff --git a/WebCore/page/DOMWindow.cpp b/WebCore/page/DOMWindow.cpp
index 757e32f..564c2c4 100644
--- a/WebCore/page/DOMWindow.cpp
+++ b/WebCore/page/DOMWindow.cpp
@@ -1237,24 +1237,40 @@ void DOMWindow::resizeTo(float width, float height) const
page->chrome()->setWindowRect(fr);
}
-int DOMWindow::setTimeout(ScheduledAction* action, int timeout)
+int DOMWindow::setTimeout(ScheduledAction* action, int timeout, ExceptionCode& ec)
{
- return DOMTimer::install(scriptExecutionContext(), action, timeout, true);
+ ScriptExecutionContext* context = scriptExecutionContext();
+ if (!context) {
+ ec = INVALID_ACCESS_ERR;
+ return -1;
+ }
+ return DOMTimer::install(context, action, timeout, true);
}
void DOMWindow::clearTimeout(int timeoutId)
{
- DOMTimer::removeById(scriptExecutionContext(), timeoutId);
+ ScriptExecutionContext* context = scriptExecutionContext();
+ if (!context)
+ return;
+ DOMTimer::removeById(context, timeoutId);
}
-int DOMWindow::setInterval(ScheduledAction* action, int timeout)
+int DOMWindow::setInterval(ScheduledAction* action, int timeout, ExceptionCode& ec)
{
- return DOMTimer::install(scriptExecutionContext(), action, timeout, false);
+ ScriptExecutionContext* context = scriptExecutionContext();
+ if (!context) {
+ ec = INVALID_ACCESS_ERR;
+ return -1;
+ }
+ return DOMTimer::install(context, action, timeout, false);
}
void DOMWindow::clearInterval(int timeoutId)
{
- DOMTimer::removeById(scriptExecutionContext(), timeoutId);
+ ScriptExecutionContext* context = scriptExecutionContext();
+ if (!context)
+ return;
+ DOMTimer::removeById(context, timeoutId);
}
bool DOMWindow::addEventListener(const AtomicString& eventType, PassRefPtr<EventListener> listener, bool useCapture)
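Review bot: The new early returns in `setTimeout` and `setInterval` leave without handing the raw `ScheduledAction* action` to anyone. `DOMTimer::install` is not visible in this hunk, but if it is the callee that normally takes ownership of `action`, the detached-window path now leaks the object and whatever script values it keeps alive. Either release it on that path (`delete action;` before `ec = INVALID_ACCESS_ERR;`) or add a comment above each function stating who owns `action` when the call fails. A short comment such as `// A null context means the window is detached from its frame.` above the checks would also explain why `clearTimeout`/`clearInterval` return silently instead of raising.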
diff --git a/WebCore/page/DOMWindow.h b/WebCore/page/DOMWindow.h
index ebc46fd..ea76898 100644
--- a/WebCore/page/DOMWindow.h
+++ b/WebCore/page/DOMWindow.h
@@ -232,9 +232,9 @@ namespace WebCore {
void resizeTo(float width, float height) const;
// Timers
- int setTimeout(ScheduledAction*, int timeout);
+ int setTimeout(ScheduledAction*, int timeout, ExceptionCode&);
void clearTimeout(int timeoutId);
- int setInterval(ScheduledAction*, int timeout);
+ int setInterval(ScheduledAction*, int timeout, ExceptionCode&);
void clearInterval(int timeoutId);
// Events
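Review bot: The new `ExceptionCode&` parameter on `setTimeout` and `setInterval` is undocumented in the header, so callers cannot tell when it is set or what the return value means in that case. A comment under `// Timers` would cover it, e.g. `// setTimeout/setInterval set INVALID_ACCESS_ERR and return -1 when the window has no script execution context.` The ownership of the `ScheduledAction*` argument on that failure path would be worth stating in the same place.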
--
WebKit Debian packaging