2011-01-27 Yury Semikhatsky <yurys@chromium.org>

Reviewed by Pavel Feldman. [V8] Crash in WebCore::addMessageToConsole https://bugs.webkit.org/show_bug.cgi?id=53227 * bindings/v8/V8Proxy.cpp: check that the Frame where the error occured still has a page before getting a console object from it. (WebCore::V8Proxy::reportUnsafeAccessTo): Canonical link: https://commits.webkit.org/67004@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76786 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Jan 27, 2011 · 92eb723b3678d7ff19e432148d349cf0e816373c · 92eb723
1 parent 1913ed3
commit 92eb723b3678d7ff19e432148d349cf0e816373c
Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
@@ -1,3 +1,14 @@
+2011-01-27  Yury Semikhatsky  <yurys@chromium.org>
+
+        Reviewed by Pavel Feldman.
+
+        [V8] Crash in WebCore::addMessageToConsole
+        https://bugs.webkit.org/show_bug.cgi?id=53227
+
+        * bindings/v8/V8Proxy.cpp: check that the Frame where the error
+        occured still has a page before getting a console object from it.
+        (WebCore::V8Proxy::reportUnsafeAccessTo):
+
 2011-01-27  Hans Wennborg  <hans@chromium.org>
 
         Reviewed by Jeremy Orlow.

diff --git a/Source/WebCore/bindings/v8/V8Proxy.cpp b/Source/WebCore/bindings/v8/V8Proxy.cpp
@@ -153,10 +153,15 @@ void V8Proxy::reportUnsafeAccessTo(Frame* target)
         return;
 
     Frame* source = V8Proxy::retrieveFrameForEnteredContext();
-    if (!source || !source->document())
-        return; // Ignore error if the source document is gone.
+    if (!source)
+        return;
+    Page* page = source->page();
+    if (!page)
+        return;
 
     Document* sourceDocument = source->document();
+    if (!sourceDocument)
+        return; // Ignore error if the source document is gone.
 
     // FIXME: This error message should contain more specifics of why the same
     // origin check has failed.
@@ -170,7 +175,7 @@ void V8Proxy::reportUnsafeAccessTo(Frame* target)
     // NOTE: Safari prints the message in the target page, but it seems like
     // it should be in the source page. Even for delayed messages, we put it in
     // the source page.
-    addMessageToConsole(source->page(), str, kSourceID, kLineNumber);
+    addMessageToConsole(page, str, kSourceID, kLineNumber);
 }
 
 static void handleFatalErrorInV8()