REGRESSION (r125592): Crash in Console::addMessage, under InjectedBundle::reportException

https://bugs.webkit.org/show_bug.cgi?id=94220

Reviewed by Alexey Proskuryakov.

Previously, this code was trying to detect whether a DOMWindow is
currently displayed in a Frame by testing whether
DOMWindow->scriptExecutionContext is zero. That used to work, but now
that DOMWindow->scriptExecutionContext is non-zero for detached
DOMWindow, this code doesn't work anymore. This patch replaces the code
with the current idiom, which is to call
DOMWindow::isCurrentDisplayedInFrame.

Alexey and I couldn't figure out how to test this change. This bug
causes a crash when some Safari extensions are installed, but it's not
clear whether this bug can be triggered from the web platform. We're
going to ask Jessie for ideas when she gets back from vacation.

* bindings/js/JSDOMBinding.cpp:
(WebCore::reportException):


Canonical link: https://commits.webkit.org/112163@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@125912 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Adam Barth committed Aug 17, 2012
1 parent 43c0f17 commit 55dc0872527cd70ed7d2df42d6b6a5dff1c09b5c
Showing 2 changed files with 26 additions and 7 deletions.
@@ -1,3 +1,26 @@
2012-08-17 Adam Barth <abarth@webkit.org>

REGRESSION (r125592): Crash in Console::addMessage, under InjectedBundle::reportException
https://bugs.webkit.org/show_bug.cgi?id=94220

Reviewed by Alexey Proskuryakov.

Previously, this code was trying to detect whether a DOMWindow is
currently displayed in a Frame by testing whether
DOMWindow->scriptExecutionContext is zero. That used to work, but now
that DOMWindow->scriptExecutionContext is non-zero for detached
DOMWindow, this code doesn't work anymore. This patch replaces the code
with the current idiom, which is to call
DOMWindow::isCurrentDisplayedInFrame.

Alexey and I couldn't figure out how to test this change. This bug
causes a crash when some Safari extensions are installed, but it's not
clear whether this bug can be triggered from the web platform. We're
going to ask Jessie for ideas when she gets back from vacation.

* bindings/js/JSDOMBinding.cpp:
(WebCore::reportException):

2012-08-17 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r125892.
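Review bot: The ChangeLog entry names the replacement call as DOMWindow::isCurrentDisplayedInFrame, but the reportException hunk calls isCurrentlyDisplayedInFrame. Correct the spelling in the entry so a search for the method name finds this change. Since the entry also says no test could be written, it would help to record how the fix was verified by hand, so the crash can be re-checked if this code is touched again.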
@@ -158,14 +158,10 @@ void reportException(ExecState* exec, JSValue exception)
if (ExceptionBase* exceptionBase = toExceptionBase(exception))
errorMessage = stringToUString(exceptionBase->message() + ": " + exceptionBase->description());

ScriptExecutionContext* scriptExecutionContext = jsCast<JSDOMGlobalObject*>(exec->lexicalGlobalObject())->scriptExecutionContext();

// scriptExecutionContext can be null when the relevant global object is a stale inner window object.
// It's harmless to return here without reporting the exception to the log and the debugger in this case.
if (!scriptExecutionContext)
DOMWindow* activeWindow = activeDOMWindow(exec);
if (!activeWindow->isCurrentlyDisplayedInFrame())
return;

scriptExecutionContext->reportException(ustringToString(errorMessage), lineNumber, ustringToString(exceptionSourceURL), 0);
activeWindow->scriptExecutionContext()->reportException(ustringToString(errorMessage), lineNumber, ustringToString(exceptionSourceURL), 0);
}

void reportCurrentException(ExecState* exec)
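Review bot: activeWindow is dereferenced in `if (!activeWindow->isCurrentlyDisplayedInFrame())` with no null check, whereas the code it replaces tested its pointer before use. If activeDOMWindow(exec) can return null on any path that reaches reportException, this moves the crash rather than removing it; add ASSERT(activeWindow) if non-null is an invariant, or return early on null. The old code also accepted any JSDOMGlobalObject while the new code requires a DOMWindow, so please confirm reportException is never reached with a non-window global object. The removed comment explaining why returning without logging is harmless has no replacement; a one-line comment stating why the early return is safe for a window that is not currently displayed in a frame would keep that reasoning next to the check.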