From: abarth@webkit.org Date: Mon, 23 Nov 2009 19:12:08 +0000 (+0000) Subject: 2009-11-23 Adam Barth X-Git-Url: https://git.webkit.org/?p=WebKit-https.git;a=commitdiff_plain;h=634974b86a70fcf62ff3d122f359b99981c92353;hp=1a9e72cf64edd0a5eb714fe1ac8ec1fe0ac74a39 2009-11-23 Adam Barth Reviewed by Dimitri Glazkov. [V8] Don't crash when OOM in creating isolated world https://bugs.webkit.org/show_bug.cgi?id=31805 We need to add some more null checks to avoid crashing. No new tests because we don't have a good way to test out-of-memory bugs. * bindings/v8/V8Proxy.cpp: (WebCore::V8Proxy::evaluateInIsolatedWorld): (WebCore::V8Proxy::evaluateInNewContext): (WebCore::V8Proxy::setInjectedScriptContextDebugId): * bindings/v8/V8Proxy.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@51312 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c7afde2fe7ae..124b7b4556bc 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2009-11-23 Adam Barth
+
+ Reviewed by Dimitri Glazkov.
+
+ [V8] Don't crash when OOM in creating isolated world
+ https://bugs.webkit.org/show_bug.cgi?id=31805
+
+ We need to add some more null checks to avoid crashing. No new tests
+ because we don't have a good way to test out-of-memory bugs.
+
+ * bindings/v8/V8Proxy.cpp:
+ (WebCore::V8Proxy::evaluateInIsolatedWorld):
+ (WebCore::V8Proxy::evaluateInNewContext):
+ (WebCore::V8Proxy::setInjectedScriptContextDebugId):
+ * bindings/v8/V8Proxy.h:
+
 2009-11-23 Dirk Schulze Reviewed by Nikolas Zimmermann.
diff --git a/WebCore/bindings/v8/V8Proxy.cpp b/WebCore/bindings/v8/V8Proxy.cpp
index 6969185d9b92..89a8b57f0705 100644
--- a/WebCore/bindings/v8/V8Proxy.cpp
+++ b/WebCore/bindings/v8/V8Proxy.cpp
@@ -311,7 +311,11 @@ void V8Proxy::evaluateInIsolatedWorld(int worldID, const Vectorcontext());
+ if (!setInjectedScriptContextDebugId(world->context())) {
+ m_isolatedWorlds.take(worldID);
+ delete world;
+ return;
+ }
 }
 } else {
 world = new V8IsolatedWorld(this, extensionGroup);
@@ -350,7 +354,10 @@ void V8Proxy::evaluateInNewContext(const Vector& sources, int
 v8::Context::Scope contextScope(context);
 // Setup context id for JS debugger.
- setInjectedScriptContextDebugId(context);
+ if (!setInjectedScriptContextDebugId(context)) {
+ context.Dispose();
+ return;
+ }
 v8::Handle global = context->Global();
@@ -376,19 +383,29 @@ void V8Proxy::evaluateInNewContext(const Vector& sources, int
 context.Dispose();
 }
-void V8Proxy::setInjectedScriptContextDebugId(v8::Handle targetContext)
+bool V8Proxy::setInjectedScriptContextDebugId(v8::Handle targetContext)
 {
 // Setup context id for JS debugger.
 v8::Context::Scope contextScope(targetContext);
 v8::Handle contextData = v8::Object::New();
+ if (contextData.IsEmpty())
+ return false;
+ if (m_context.IsEmpty())
+ return false;
 v8::Handle windowContextData = m_context->GetData();
 if (windowContextData->IsObject()) {
 v8::Handle propertyName = v8::String::New(kContextDebugDataValue);
+ if (propertyName.IsEmpty())
+ return false;
 contextData->Set(propertyName, v8::Object::Cast(*windowContextData)->Get(propertyName));
 }
- contextData->Set(v8::String::New(kContextDebugDataType), v8::String::New("injected"));
+ v8::Handle propertyName = v8::String::New(kContextDebugDataType);
+ if (propertyName.IsEmpty())
+ return false;
+ contextData->Set(propertyName, v8::String::New("injected"));
 targetContext->SetData(contextData);
+ return true;
 }
 v8::Local V8Proxy::evaluate(const ScriptSourceCode& source, Node* node)
diff --git a/WebCore/bindings/v8/V8Proxy.h b/WebCore/bindings/v8/V8Proxy.h
index e299d628b7e1..c8628d105e9d 100644
--- a/WebCore/bindings/v8/V8Proxy.h
+++ b/WebCore/bindings/v8/V8Proxy.h
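Review bot: The new failure path in evaluateInIsolatedWorld discards the pointer `m_isolatedWorlds.take(worldID)` returns, which is the same `world` that is deleted on the next line; `m_isolatedWorlds.remove(worldID);` says what is meant (unregister, then free) without an ignored return value. On this page the hunk's leading context and its removed line are fused into the `@@` header, and the function begins and ends outside the hunk, so it cannot be confirmed here whether an earlier empty-`world->context()` check already performs the same delete-and-return; if it does, sharing one teardown path would keep the two from drifting when the map is later changed.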
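Review bot: The added early exit in evaluateInNewContext calls `context.Dispose()` while `contextScope`, constructed from that same persistent handle three lines above, is still alive, so the scope's destructor will exit the context through a handle that has already been disposed; if Context::Scope exits via the handle it was given, that is a use of a released global-handle slot on precisely the out-of-memory path this change wants to survive. The existing end of the function (the `context.Dispose(); }` context at the top of the next hunk) has the same ordering, so the pattern is inherited rather than new, but both sites would be safer if `contextScope` lived in an inner block that closes before Dispose, or if the early path only set a flag and a single exit disposed after the scope ends. evaluateInNewContext begins and ends outside this hunk.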
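Review bot: `v8::String::New("injected")` on the rewritten `contextData->Set(propertyName, ...)` line is the one remaining V8 allocation in setInjectedScriptContextDebugId whose result is not tested, so an empty handle can still reach `Set` under the out-of-memory condition the other new checks guard against; bind it and test it like the two property names: `v8::Handle<v8::String> injected = v8::String::New("injected"); if (injected.IsEmpty()) return false; contextData->Set(propertyName, injected);`. The `m_context.IsEmpty()` check could also move above `v8::Object::New()` so nothing is allocated at all when the proxy has no main context. `windowContextData` from `m_context->GetData()` is dereferenced with no emptiness check; if GetData can hand back an empty handle (not determinable from this hunk), it needs the same guard.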
@@ -387,7 +387,8 @@ namespace WebCore {
 void resetIsolatedWorlds();
- void setInjectedScriptContextDebugId(v8::Handle targetContext);
+ // Returns false when we're out of memory in V8.
+ bool setInjectedScriptContextDebugId(v8::Handle targetContext);
 static bool canAccessPrivate(DOMWindow*);
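Review bot: The new header comment documents only the out-of-memory case, but the implementation in this commit also returns false when `m_context.IsEmpty()`, i.e. when this proxy has no main context, which is not an OOM condition, so a caller reading the header would mis-classify that failure. Suggest `// Returns false when V8 could not allocate (out of memory) or when this proxy has no main context (m_context is empty); the caller is responsible for tearing down targetContext.` — the caller responsibility matches what both call sites in V8Proxy.cpp now do on a false return.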