[JSC] Web Inspector: CRASH running $0, $1, etc before they are set
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Mar 2012 21:56:46 +0000 (21:56 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Mar 2012 21:56:46 +0000 (21:56 +0000)
https://bugs.webkit.org/show_bug.cgi?id=81082

Source/WebCore:

Don't return an invalid JSValue. Check if the ScriptValue
has no value and return undefined in that case.

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2012-03-14
Reviewed by Pavel Feldman.

Updated test: inspector/console/command-line-api.html

* bindings/js/JSInjectedScriptHostCustom.cpp:
(WebCore::JSInjectedScriptHost::inspectedObject):

LayoutTests:

Test for an undefined inspectedObject.

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2012-03-14
Reviewed by Pavel Feldman.

* inspector/console/command-line-api-expected.txt:
* inspector/console/command-line-api.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@110760 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/inspector/console/command-line-api-expected.txt
LayoutTests/inspector/console/command-line-api.html
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp

index 930f5c7..3327489 100644 (file)
@@ -1,3 +1,15 @@
+2012-03-14  Joseph Pecoraro  <pecoraro@apple.com>
+
+        [JSC] Web Inspector: CRASH running $0, $1, etc before they are set
+        https://bugs.webkit.org/show_bug.cgi?id=81082
+
+        Test for an undefined inspectedObject.
+
+        Reviewed by Pavel Feldman.
+
+        * inspector/console/command-line-api-expected.txt:
+        * inspector/console/command-line-api.html:
+
 2012-03-14  Adrienne Walker  <enne@google.com>
 
         [chromium] Unreviewed, mark two compositing tests as passing.
index 5de641c..a8b2863 100644 (file)
@@ -1,6 +1,7 @@
 Tests that command line api works.
 
 $0.toString() = "[object HTMLParagraphElement]"
+$3 = undefined
 keys([3,4]).toString() = "0,1"
 values([3,4]).toString() = "3,4"
 $('foo').toString() = "[object HTMLParagraphElement]"
index 9304ec0..12219a0 100644 (file)
@@ -8,6 +8,7 @@ var test = function()
 {
     var expressions = [
         "$0.toString()",
+        "$3",
         "keys([3,4]).toString()",
         "values([3,4]).toString()",
         "$('foo').toString()",
index 5927133..0af39a4 100644 (file)
@@ -1,3 +1,18 @@
+2012-03-14  Joseph Pecoraro  <pecoraro@apple.com>
+
+        [JSC] Web Inspector: CRASH running $0, $1, etc before they are set
+        https://bugs.webkit.org/show_bug.cgi?id=81082
+
+        Don't return an invalid JSValue. Check if the ScriptValue
+        has no value and return undefined in that case.
+
+        Reviewed by Pavel Feldman.
+
+        Updated test: inspector/console/command-line-api.html
+
+        * bindings/js/JSInjectedScriptHostCustom.cpp:
+        (WebCore::JSInjectedScriptHost::inspectedObject):
+
 2012-03-14  James Robinson  <jamesr@chromium.org>
 
         [chromium] Remove canRecoverFromContextLoss attribute, it's unused
index 5972a61..3585bce 100644 (file)
@@ -91,7 +91,11 @@ JSValue JSInjectedScriptHost::inspectedObject(ExecState* exec)
         return jsUndefined();
 
     JSLock lock(SilenceAssertionsOnly);
-    return object->get(exec).jsValue();
+    ScriptValue scriptValue = object->get(exec);
+    if (scriptValue.hasNoValue())
+        return jsUndefined();
+
+    return scriptValue.jsValue();
 }
 
 JSValue JSInjectedScriptHost::internalConstructorName(ExecState* exec)