Changeset 136986 in webkit for trunk/Source/JavaScriptCore/API/JSValueRef.cpp

Timestamp:

Dec 7, 2012, 2:34:04 PM (13 years ago)

Author:

[email protected]

Message:

Crash in JSC::Bindings::RootObject::globalObject() sync'ing notes in Evernote
​https://bugs.webkit.org/show_bug.cgi?id=104321
<rdar://problem/12770497>

Reviewed by Sam Weinig.

../JavaScriptCore:

Work around a JSValueUnprotect(NULL) in Evernote.

• API/JSValueRef.cpp:

(evernoteHackNeeded):
(JSValueUnprotect):

../WebCore:

Missed a null check.

• bindings/objc/WebScriptObject.mm:

(-[WebScriptObject JSObject]): If our root object has been cleared, don't
try to dereference it. This happens in Evernote during tear-down.

This matches the behavior of other methods in the same class.

(_isSafeScript returns false if the root object has been cleared.)

If we believe _isSafeScript is a good idea, it's probably the right test
to use here (as opposed to just null-checking _rootObject) because this API
gives the client unlimited access to the underlying JavaScript object.

File:

• trunk/Source/JavaScriptCore/API/JSValueRef.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/API/JSValueRef.cpp

@@ -45 +45 @@
 #include <algorithm> // for std::min
 
+#if PLATFORM(MAC)
+#include <mach-o/dyld.h>
+#endif
+
 using namespace JSC;
+
+#if PLATFORM(MAC)
+static bool evernoteHackNeeded()
+{
+    static const int32_t webkitLastVersionWithEvernoteHack = 35133959;
+    static bool hackNeeded = CFEqual(CFBundleGetIdentifier(CFBundleGetMainBundle()), CFSTR("com.evernote.Evernote"))
+        && NSVersionOfLinkTimeLibrary("JavaScriptCore") <= webkitLastVersionWithEvernoteHack;
+
+    return hackNeeded;
+}
+#endif
 
 ::JSType JSValueGetType(JSContextRef ctx, JSValueRef value)
@@ -333 +348 @@
 void JSValueUnprotect(JSContextRef ctx, JSValueRef value)
 {
+#if PLATFORM(MAC)
+    if ((!value || !ctx) && evernoteHackNeeded())
+        return;
+#endif
+
     ExecState* exec = toJS(ctx);
     APIEntryShim entryShim(exec);