+2011-02-03 Anton Muhin <antonm@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ [v8] Bail out if to string conversion returned empty handle
+ https://bugs.webkit.org/show_bug.cgi?id=53687
+
+ This a temporary measure: actually one probably should never get empty handle
+ if there was no exception. The root cause is under investigation.
+ The bailout though allows Chromium not to crash---attempt to convert an empty
+ v8 hande into WebCore string crashes with invalid memory access.
+
+ See http://code.google.com/p/chromium/issues/detail?id=71544
+
+ There is no known reduction expressible as a layout test so far. The crash found with automated testing tools.
+
+ * bindings/v8/V8Binding.cpp:
+ (WebCore::v8NonStringValueToWebCoreString): Bail out on empty handle
+ * bindings/v8/V8Binding.h:
+ (WebCore::V8ParameterBase::prepareBase): Ditto
+
2011-02-03 Adam Barth <abarth@webkit.org>
Attempt to fix Chromium build.
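Review bot: two typos in the ChangeLog text: "v8 hande" should read "v8 handle", and "This a temporary measure" is missing "is" ("This is a temporary measure"); "The crash found with automated testing tools" also wants "was" ("The crash was found"). Since there is no layout test to pin the fix to, it would help to name in the entry which automated tool reproduces the crash, so the bailout can be re-verified once the root cause in bug 71544 is fixed.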
throwError(block.Exception());
return StringImpl::empty();
}
+ // This path is unexpected. However there is hypothesis that it
+ // might be combination of v8 and v8 bindings bugs. For now
+ // just bailout as we'll crash if attempt to convert empty handle into a string.
+ if (v8String.IsEmpty()) {
+ ASSERT_NOT_REACHED();
+ return StringImpl::empty();
+ }
return v8StringToWebCoreString<String>(v8String, DoNotExternalize);
}
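Review bot: the ASSERT_NOT_REACHED() inside the new `if (v8String.IsEmpty())` bailout means debug builds still abort on exactly the path the ChangeLog says automated testing is hitting, so the change only avoids the crash in release builds; if the intent is to keep debug bots alive while the root cause is investigated, a LOG_ERROR with a pointer to bug 71544 would record the event without aborting, and otherwise the ChangeLog should say the assertion is kept on purpose. The new comment also reads awkwardly: "there is hypothesis that it might be combination" and "if attempt to convert" are missing articles and a subject ("there is a hypothesis that it might be a combination", "if we attempt to convert").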
return false;
}
+ // This path is unexpected. However there is hypothesis that it
+ // might be combination of v8 and v8 bindings bugs. For now
+ // just bailout as we'll crash if attempt to convert empty handle into a string.
+ if (m_v8Object.IsEmpty()) {
+ ASSERT_NOT_REACHED();
+ return false;
+ }
+
return true;
}
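Review bot: the new `return false;` after `if (m_v8Object.IsEmpty())` in prepareBase is not paired with any exception being raised (contrast the throwError path visible in V8Binding.cpp), so a caller that treats a false result as "exception already pending" will return to script with nothing thrown and the failure becomes silent rather than crashing; either throw an error here or document in the comment why a silent bailout is the intended behaviour for this case. The three-line comment is also copied verbatim from the V8Binding.cpp hunk; a one-line reference to the explanation there, or a FIXME citing bug 71544 in both places, would keep the two from drifting apart when the temporary measure is removed.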