Check for empty perContextData while creating NP V8 Object.
author: commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 27 Nov 2012 03:40:59 +0000 (03:40 +0000)
committer: commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 27 Nov 2012 03:40:59 +0000 (03:40 +0000)
commit: be7cec5060c4910f2d95fb6b75fe8b42098cb801
tree: 0da6b15eaf469b7dbadbb7f1e2b15ee540260c72
parent: 1d0f9753ad736d2d756ba39f541e69198464d46d
Check for empty perContextData while creating NP V8 Object.
https://bugs.webkit.org/show_bug.cgi?id=98448

Patch by Istiaque Ahmed <lazyboy@chromium.org> on 2012-11-26
Reviewed by Adam Barth.

Fixes a crash in npCreateV8ScriptObject(): if NP Invoke is called from a document
that is no longer displayed in a frame (isCurrentlyDisplayedInFrame() ==
false), we have empty perContextData, and this results in invalid memory access.

Source/WebCore:

Test: platform/chromium/plugins/empty-per-context-data.html

* bindings/v8/NPV8Object.cpp:
(WebCore::npCreateV8ScriptObject):

LayoutTests:

* platform/chromium/plugins/empty-per-context-data-expected.txt: Added.
* platform/chromium/plugins/empty-per-context-data.html: Added.
* platform/chromium/plugins/resources/script-container.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@135804 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/platform/chromium/plugins/empty-per-context-data-expected.txt [new file with mode: 0644]
LayoutTests/platform/chromium/plugins/empty-per-context-data.html [new file with mode: 0644]
LayoutTests/platform/chromium/plugins/resources/script-container.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/bindings/v8/NPV8Object.cpp