2010-05-26 Jaime Yap <jaimeyap@google.com>
authortony@chromium.org <tony@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 27 May 2010 02:14:42 +0000 (02:14 +0000)
committertony@chromium.org <tony@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 27 May 2010 02:14:42 +0000 (02:14 +0000)
        Reviewed by Pavel Feldman.

        ScriptCallStack::callLocation() sometimes passed an empty handle to
        toWebCoreString() causing a null pointer deref.
        https://bugs.webkit.org/show_bug.cgi?id=39681

        * bindings/v8/ScriptCallStack.cpp:
        (WebCore::ScriptCallStack::callLocation):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@60266 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog
WebCore/bindings/v8/ScriptCallStack.cpp

index 523136a..efefa84 100644 (file)
@@ -1,3 +1,14 @@
+2010-05-26  Jaime Yap  <jaimeyap@google.com>
+
+        Reviewed by Pavel Feldman.
+
+        ScriptCallStack::callLocation() sometimes passed an empty handle to
+        toWebCoreString() causing a null pointer deref.
+        https://bugs.webkit.org/show_bug.cgi?id=39681
+
+        * bindings/v8/ScriptCallStack.cpp:
+        (WebCore::ScriptCallStack::callLocation):
+
 2010-05-26  Brian Weinstein  <bweinstein@apple.com>
 
         Reviewed by Mark Rowe.
index 87d2170..31b05ee 100644 (file)
@@ -58,6 +58,7 @@ bool ScriptCallStack::callLocation(String* sourceName, int* sourceLineNumber, St
     if (stackTrace.IsEmpty())
         return false;
     if (stackTrace->GetFrameCount() <= 0) {
+        // Successfully grabbed stack trace, but there are no frames.
         // Fallback to setting lineNumber to 0, and source and function name to "undefined".
         *sourceName = toWebCoreString(v8::Undefined());
         *sourceLineNumber = 0;
@@ -65,9 +66,13 @@ bool ScriptCallStack::callLocation(String* sourceName, int* sourceLineNumber, St
         return true;
     }
     v8::Handle<v8::StackFrame> frame = stackTrace->GetFrame(0);
-    *sourceName = toWebCoreString(frame->GetScriptName());
+    // There must be at least one valid frame.
+    ASSERT(!frame.IsEmpty());
+    v8::Local<v8::String> sourceNameValue(frame->GetScriptName());
+    v8::Local<v8::String> functionNameValue(frame->GetFunctionName());
+    *sourceName = sourceNameValue.IsEmpty() ? "" : toWebCoreString(sourceNameValue);
+    *functionName = functionNameValue.IsEmpty() ? "" : toWebCoreString(functionNameValue);
     *sourceLineNumber = frame->GetLineNumber();
-    *functionName = toWebCoreString(frame->GetFunctionName());
     return true;
 }
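Review bot: The empty-handle fallback on the two new assignment lines (`*sourceName = sourceNameValue.IsEmpty() ? "" : ...` and the matching `*functionName` line) yields a non-null empty String built from `""`, whereas the no-frame branch in the hunk above reports "undefined" via `toWebCoreString(v8::Undefined())`, and nothing in the hunk says the two fallbacks are meant to differ. Since the fix exists precisely because V8 can hand back an empty handle here (bug 39681), the choice deserves a comment above those lines, e.g. `// GetScriptName()/GetFunctionName() may return an empty handle; report an empty String instead of dereferencing it.`, and if callers are expected to distinguish "no name" from "empty name", `String()` (null) rather than `""` (empty, non-null) would be the value to return. The enclosing callLocation() begins before this hunk, so I cannot see how sourceName and functionName are consumed by the caller.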