Changeset 30235 in webkit for trunk/JavaScriptCore


Timestamp: Feb 14, 2008, 3:29:51 PM
Author: [email protected]
Message:

JavaScriptCore:

Reviewed by Sam Weinig.


Fixed <rdar://problem/5737835> nee http://bugs.webkit.org/show_bug.cgi?id=17329
Crash in JSGlobalObject::popActivation when inserting hyperlink in Wordpress (17329)


Don't reset the "activations" stack in JSGlobalObject::reset, since we
might be executing a script during the call to reset, and the script
needs to safely run to completion.


Instead, initialize the "activations" stack when the global object is
created, and subsequently rely on pushing and popping during normal
execution to maintain the stack's state.


  • kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::init): (KJS::JSGlobalObject::reset):

LayoutTests:

Reviewed by Sam Weinig.


Layout test for <rdar://problem/5737835> nee http://bugs.webkit.org/show_bug.cgi?id=17329
Crash in JSGlobalObject::popActivation when inserting hyperlink in Wordpress (17329)


  • fast/dom/javascript-url-crash-function.html: Added.
  • fast/dom/javascript-url-crash-function-expected.txt: Added.
  • fast/dom/resources/javascript-url-crash-function-iframe.html: Added.
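As an added illustration, not code from WebKit or from this change set, the following C++ model shows the chunked activation stack the change log describes: a sentinel node created once when the global object is constructed, push/pop during normal execution, and a reset() that either rebuilds the stack (the pre-r30235 behaviour) or leaves it alone (this change). Node size, the class and member names and the ResetPolicy switch are assumptions made for the example; the only point it makes is what happens to a script that is mid-execution when reset() fires.

```cpp
// Added example, not WebKit code: a self-contained model of the chunked
// activation stack. Node size, names and ResetPolicy are hypothetical.
#include <cstddef>
#include <iostream>
#include <vector>

static const size_t kNodeSize = 2; // hypothetical: tiny so node chaining is exercised

struct ActivationStackNode {
    ActivationStackNode* prev;
    int data[kNodeSize]; // stand-in for the activation records held per node
};

class GlobalObjectModel {
public:
    enum ResetPolicy { ResetClearsStack, ResetKeepsStack };

    explicit GlobalObjectModel(ResetPolicy policy)
        : m_policy(policy), m_activations(0), m_activationCount(0)
    {
        initActivationStack(); // r30235: the stack is created once, here
    }
    ~GlobalObjectModel() { deleteActivationStack(); }

    void pushActivation(int frame)
    {
        if (m_activationCount == kNodeSize) { // current node full: chain a new one
            ActivationStackNode* node = new ActivationStackNode;
            node->prev = m_activations;
            m_activations = node;
            m_activationCount = 0;
        }
        m_activations->data[m_activationCount++] = frame;
    }

    // Returns false on underflow instead of dereferencing a null node; this is
    // the situation the patch covers with ASSERT(prev).
    bool popActivation(int& frame)
    {
        if (!m_activationCount) {
            ActivationStackNode* prev = m_activations->prev;
            if (!prev)
                return false; // the sentinel node is never popped
            delete m_activations;
            m_activations = prev;
            m_activationCount = kNodeSize;
        }
        frame = m_activations->data[--m_activationCount];
        return true;
    }

    void reset()
    {
        if (m_policy == ResetClearsStack) { // pre-r30235 behaviour
            deleteActivationStack();
            initActivationStack();
        }
        // ResetKeepsStack (post-r30235): nothing to do; push/pop during normal
        // execution maintains the stack, so a script in flight stays consistent.
    }

private:
    void initActivationStack()
    {
        ActivationStackNode* node = new ActivationStackNode;
        node->prev = 0;
        m_activations = node;
        m_activationCount = 0;
    }
    void deleteActivationStack()
    {
        while (m_activations) {
            ActivationStackNode* prev = m_activations->prev;
            delete m_activations;
            m_activations = prev;
        }
    }

    ResetPolicy m_policy;
    ActivationStackNode* m_activations;
    size_t m_activationCount;
};

// Models a script three calls deep when reset() fires, which then runs to
// completion. Returns the frames that could still be popped afterwards.
std::vector<int> runScriptAcrossReset(GlobalObjectModel::ResetPolicy policy)
{
    GlobalObjectModel global(policy);
    global.pushActivation(1);
    global.pushActivation(2);
    global.pushActivation(3); // spills into a second node
    global.reset();           // something resets the global object mid-script
    std::vector<int> popped;
    int frame;
    for (int i = 0; i < 3; ++i) {
        if (!global.popActivation(frame))
            break; // pre-r30235: underflow on the very first pop
        popped.push_back(frame);
    }
    return popped;
}

int main()
{
    std::cout << "reset clears stack: popped "
              << runScriptAcrossReset(GlobalObjectModel::ResetClearsStack).size() << " frames\n";
    std::cout << "reset keeps stack:  popped "
              << runScriptAcrossReset(GlobalObjectModel::ResetKeepsStack).size() << " frames\n";
    return 0;
}
```

With ResetClearsStack the fresh sentinel has no prev, so the first pop after reset() underflows and the script's three frames are lost; with ResetKeepsStack the frames pop back in order (3, 2, 1) and the sentinel is freed only by the destructor. The model returns false where the real code has an ASSERT so the underflow is observable rather than a crash.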
Location: trunk/JavaScriptCore
Files: 2 edited

  • trunk/JavaScriptCore/ChangeLog

    r30192 r30235  
     12008-02-14  Geoffrey Garen  <[email protected]>
     2
     3        Reviewed by Sam Weinig.
     4       
     5        Fixed <rdar://problem/5737835> nee http://bugs.webkit.org/show_bug.cgi?id=17329
     6        Crash in JSGlobalObject::popActivation when inserting hyperlink in Wordpress (17329)
     7       
     8        Don't reset the "activations" stack in JSGlobalObject::reset, since we
     9        might be executing a script during the call to reset, and the script
     10        needs to safely run to completion.
     11       
     12        Instead, initialize the "activations" stack when the global object is
     13        created, and subsequently rely on pushing and popping during normal
     14        execution to maintain the stack's state.
     15       
     16        * kjs/JSGlobalObject.cpp:
     17        (KJS::JSGlobalObject::init):
     18        (KJS::JSGlobalObject::reset):
     19
    1202008-02-13  Bernhard Rosenkraenzer  <[email protected]>
    221
  • trunk/JavaScriptCore/kjs/JSGlobalObject.cpp

    r30102 r30235  
    140140    d()->debugger = 0;
    141141   
    142     d()->activations = 0;
    143    
     142    ActivationStackNode* newStackNode = new ActivationStackNode;
     143    newStackNode->prev = 0;   
     144    d()->activations = newStackNode;
     145    d()->activationCount = 0;
     146
    144147    reset(prototype());
    145148}
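Review bot: the sentinel node allocated here (`ActivationStackNode* newStackNode = new ActivationStackNode;`) now lives for the whole lifetime of the global object, and the only deleteActivationStack() call visible in this patch is the one being removed from reset(); please confirm the destructor still calls deleteActivationStack(), otherwise the sentinel and any nodes chained onto it leak when the global object is destroyed. Ordering also matters now: init() must build the stack before the `reset(prototype());` call that follows, since reset() can no longer create it. Minor style point: `newStackNode->prev = 0;   ` carries trailing whitespace.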
     
    215218
    216219    ExecState* exec = &d()->globalExec;
    217 
    218     deleteActivationStack();
    219     ActivationStackNode* newStackNode = new ActivationStackNode;
    220     newStackNode->prev = 0;   
    221     d()->activations = newStackNode;
    222     d()->activationCount = 0;
    223220
    224221    // Prototypes
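Review bot: nothing at the removal site records why reset() must leave the activation stack alone; the reasoning lives only in the ChangeLog. A one-line comment next to `ExecState* exec = &d()->globalExec;` along the lines of `// Don't touch d()->activations here: a script may be executing during reset().` would keep the deleteActivationStack() call from being reintroduced. With this change a reset() issued while activationCount > 0 leaves those frames pushed, which is the intended behaviour; the code that finishes the in-flight script is responsible for popping them.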
     
    531528    if (!d()->activationCount) {
    532529        ActivationStackNode* prev = d()->activations->prev;
     530        ASSERT(prev);
    533531        delete d()->activations;
    534532        d()->activations = prev;
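Review bot: `ASSERT(prev);` only fires in debug builds; in a release build a null prev is still assigned to d()->activations on the next line, and the following push or pop dereferences it, which is the crash this change set is fixing. If the invariant is that the sentinel created in init() is never popped, state that in a comment here; if any code path could still underflow, an early return when !prev would be cheaper than a crash.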