JavaScriptCore:
authormjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 9 Jul 2007 07:39:21 +0000 (07:39 +0000)
committermjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 9 Jul 2007 07:39:21 +0000 (07:39 +0000)
        Reviewed by Oliver.

        - JavaScriptCore part of fix for: <rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11

        * JavaScriptCore.exp: Added needed export.

WebCore:

        Reviewed by Oliver.

        <rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11

        Automated test case is not possible. Did not bother with manual test this time.

        * bindings/js/kjs_dom.cpp:
        (WebCore::getRuntimeObject): Check that runtime root isn't null, as well as instance;
        this should cover the case where the plugin is already shut down and onunload time.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@24106 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JavaScriptCore/ChangeLog
JavaScriptCore/JavaScriptCore.exp
WebCore/ChangeLog
WebCore/bindings/js/kjs_dom.cpp

index 8a60b25..367f34c 100644 (file)
@@ -1,3 +1,11 @@
+2007-07-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - JavaScriptCore part of fix for: <rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11
+        
+        * JavaScriptCore.exp: Added needed export.
+
 2007-07-06  Maciej Stachowiak  <mjs@apple.com>
 
         Reviewed by Antti.
index 487bc16..a133afc 100644 (file)
@@ -185,6 +185,7 @@ __ZN3KJS8Bindings10RootObjectD1Ev
 __ZN3KJS8Bindings10throwErrorEPNS_9ExecStateENS_9ErrorTypeEP8NSString
 __ZN3KJS8Bindings23convertObjcValueToValueEPNS_9ExecStateEPvNS0_13ObjcValueTypeEPNS0_10RootObjectE
 __ZN3KJS8Bindings23convertValueToObjcValueEPNS_9ExecStateEPNS_7JSValueENS0_13ObjcValueTypeE
+__ZNK3KJS8Bindings8Instance10rootObjectEv
 __ZN3KJS8Bindings8Instance18didExecuteFunctionEv
 __ZN3KJS8Bindings8Instance21setDidExecuteFunctionEPFvPNS_9ExecStateEPNS_8JSObjectEE
 __ZN3KJS8Bindings8Instance32createBindingForLanguageInstanceENS1_15BindingLanguageEPvN3WTF10PassRefPtrINS0_10RootObjectEEE
index 04cb785..fe73168 100644 (file)
@@ -1,3 +1,15 @@
+2007-07-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+
+        <rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11
+        
+        Automated test case is not possible. Did not bother with manual test this time.
+
+        * bindings/js/kjs_dom.cpp:
+        (WebCore::getRuntimeObject): Check that runtime root isn't null, as well as instance;
+        this should cover the case where the plugin is already shut down and onunload time.
+
 2007-07-08  Maciej Stachowiak  <mjs@apple.com>
 
         Reviewed by Sam.
index 874af28..552a59a 100644 (file)
@@ -103,7 +103,7 @@ JSValue* getRuntimeObject(ExecState* exec, Node* n)
 #if USE(JAVASCRIPTCORE_BINDINGS)
     if (n->hasTagName(objectTag) || n->hasTagName(embedTag) || n->hasTagName(appletTag)) {
         HTMLPlugInElement* plugInElement = static_cast<HTMLPlugInElement*>(n);
-        if (plugInElement->getInstance())
+        if (plugInElement->getInstance() && plugInElement->getInstance()->rootObject())
             // The instance is owned by the PlugIn element.
             return new RuntimeObjectImp(plugInElement->getInstance());
     }