34899 2010-02-12 10:11:13 -0800 [V8] Crash regression in r54305 when window.event is set by a script 2010-02-18 09:25:48 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 japhet japhet oldest_to_newest 190088 0 japhet 2010-02-12 10:11:13 -0800 ScriptController.cpp:174 doesn't handle the possibility that the event field on the global object is set to a v8::Object that isn't a DOM wrapper. This can only happen if a script has directly set window.event. 190091 1 48651 japhet 2010-02-12 10:23:33 -0800 Created attachment 48651 patch 191282 2 48651 eric 2010-02-17 16:15:20 -0800 Comment on attachment 48651 patch Ideally fast/dom/Window/window-event-override-no-crash.html should have a newline at the end, but this looks great! 191631 3 japhet 2010-02-18 09:25:48 -0800 http://trac.webkit.org/changeset/54964 ....and, um, http://trac.webkit.org/changeset/54965 48651 2010-02-12 10:23:33 -0800 2010-02-17 16:15:20 -0800 patch event.txt text/plain 5307 japhet SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA1NDcyNykKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjEgQEAKKzIwMTAtMDItMTIgIE5hdGUgQ2hhcGluICA8amFwaGV0QGNocm9taXVt Lm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBb VjhdIENvcnJlY3RseSBoYW5kbGUgdGhlIGNhc2Ugd2hlcmUgdGhlIGV2ZW50IGZpZWxkIG9uIHRo ZQorICAgICAgICBnbG9iYWwgb2JqZWN0IGlzIGEgdjg6Ok9iamVjdCwgYnV0IG5vdCBhIERPTSB3 cmFwcGVyLgorCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0zNDg5OQorCisgICAgICAgIFRlc3Q6IGZhc3QvZG9tL1dpbmRvdy93aW5kb3ctZXZlbnQtb3Zl cnJpZGUtbm8tY3Jhc2guaHRtbAorCisgICAgICAgICogYmluZGluZ3MvdjgvU2NyaXB0Q29udHJv bGxlci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpTY3JpcHRDb250cm9sbGVyOjpwcm9jZXNzaW5n VXNlckdlc3R1cmUpOgorICAgICAgICAqIGJpbmRpbmdzL3Y4L1Y4RE9NV3JhcHBlci5jcHA6Cisg ICAgICAgIChXZWJDb3JlOjpWOERPTVdyYXBwZXI6OmlzVmFsaWRET01PYmplY3QpOgorICAgICAg ICAoV2ViQ29yZTo6VjhET01XcmFwcGVyOjppc1dyYXBwZXJPZlR5cGUpOgorICAgICAgICAqIGJp bmRpbmdzL3Y4L1Y4RE9NV3JhcHBlci5oOgorCiAyMDEwLTAyLTEyICBBbGV4ZXkgUHJvc2t1cnlh a292ICA8YXBAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IERhdmlkIExldmluLgpJ bmRleDogV2ViQ29yZS9iaW5kaW5ncy92OC9WOERPTVdyYXBwZXIuY3BwCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IFdlYkNvcmUvYmluZGluZ3MvdjgvVjhET01XcmFwcGVyLmNwcAkocmV2aXNpb24gNTQ2OTQpCisr KyBXZWJDb3JlL2JpbmRpbmdzL3Y4L1Y4RE9NV3JhcHBlci5jcHAJKHdvcmtpbmcgY29weSkKQEAg LTMyNywxNSArMzI3LDE5IEBACiB9CiAjZW5kaWYKIAotYm9vbCBWOERPTVdyYXBwZXI6OmlzV3Jh cHBlck9mVHlwZSh2ODo6SGFuZGxlPHY4OjpWYWx1ZT4gdmFsdWUsIFY4Q2xhc3NJbmRleDo6VjhX cmFwcGVyVHlwZSBjbGFzc1R5cGUpCitib29sIFY4RE9NV3JhcHBlcjo6aXNWYWxpZERPTU9iamVj dCh2ODo6SGFuZGxlPHY4OjpWYWx1ZT4gdmFsdWUpCiB7CiAgICAgaWYgKHZhbHVlLklzRW1wdHko KSB8fCAhdmFsdWUtPklzT2JqZWN0KCkpCiAgICAgICAgIHJldHVybiBmYWxzZTsKKyAgICByZXR1 cm4gdjg6OkhhbmRsZTx2ODo6T2JqZWN0Pjo6Q2FzdCh2YWx1ZSktPkludGVybmFsRmllbGRDb3Vu dCgpOworfQogCi0gICAgdjg6OkhhbmRsZTx2ODo6T2JqZWN0PiBvYmplY3QgPSB2ODo6SGFuZGxl PHY4OjpPYmplY3Q+OjpDYXN0KHZhbHVlKTsKLSAgICBpZiAoIW9iamVjdC0+SW50ZXJuYWxGaWVs ZENvdW50KCkpCitib29sIFY4RE9NV3JhcHBlcjo6aXNXcmFwcGVyT2ZUeXBlKHY4OjpIYW5kbGU8 djg6OlZhbHVlPiB2YWx1ZSwgVjhDbGFzc0luZGV4OjpWOFdyYXBwZXJUeXBlIGNsYXNzVHlwZSkK K3sKKyAgICBpZiAoIWlzVmFsaWRET01PYmplY3QodmFsdWUpKQogICAgICAgICByZXR1cm4gZmFs c2U7CiAKKyAgICB2ODo6SGFuZGxlPHY4OjpPYmplY3Q+IG9iamVjdCA9IHY4OjpIYW5kbGU8djg6 Ok9iamVjdD46OkNhc3QodmFsdWUpOwogICAgIEFTU0VSVChvYmplY3QtPkludGVybmFsRmllbGRD b3VudCgpID49IHY4RGVmYXVsdFdyYXBwZXJJbnRlcm5hbEZpZWxkQ291bnQpOwogCiAgICAgdjg6 OkhhbmRsZTx2ODo6VmFsdWU+IHdyYXBwZXIgPSBvYmplY3QtPkdldEludGVybmFsRmllbGQodjhE T01XcmFwcGVyT2JqZWN0SW5kZXgpOwpJbmRleDogV2ViQ29yZS9iaW5kaW5ncy92OC9WOERPTVdy YXBwZXIuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJDb3JlL2JpbmRpbmdzL3Y4L1Y4RE9NV3JhcHBlci5o CShyZXZpc2lvbiA1NDY5NCkKKysrIFdlYkNvcmUvYmluZGluZ3MvdjgvVjhET01XcmFwcGVyLmgJ KHdvcmtpbmcgY29weSkKQEAgLTE3OSw2ICsxNzksOCBAQAogICAgICAgICBzdGF0aWMgdm9pZCBz ZXRKU1dyYXBwZXJGb3JBY3RpdmVET01PYmplY3Qodm9pZCosIHY4OjpQZXJzaXN0ZW50PHY4OjpP YmplY3Q+KTsKICAgICAgICAgc3RhdGljIHZvaWQgc2V0SlNXcmFwcGVyRm9yRE9NTm9kZShOb2Rl Kiwgdjg6OlBlcnNpc3RlbnQ8djg6Ok9iamVjdD4pOwogCisgICAgICAgIHN0YXRpYyBib29sIGlz VmFsaWRET01PYmplY3Qodjg6OkhhbmRsZTx2ODo6VmFsdWU+KTsKKwogICAgICAgICAvLyBDaGVj ayB3aGV0aGVyIGEgVjggdmFsdWUgaXMgYSB3cmFwcGVyIG9mIHR5cGUgfGNsYXNzVHlwZXwuCiAg ICAgICAgIHN0YXRpYyBib29sIGlzV3JhcHBlck9mVHlwZSh2ODo6SGFuZGxlPHY4OjpWYWx1ZT4s IFY4Q2xhc3NJbmRleDo6VjhXcmFwcGVyVHlwZSk7CiAKSW5kZXg6IFdlYkNvcmUvYmluZGluZ3Mv djgvU2NyaXB0Q29udHJvbGxlci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9iaW5kaW5ncy92 OC9TY3JpcHRDb250cm9sbGVyLmNwcAkocmV2aXNpb24gNTQ2OTQpCisrKyBXZWJDb3JlL2JpbmRp bmdzL3Y4L1NjcmlwdENvbnRyb2xsZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xNzEsNyArMTcx LDcgQEAKIAogICAgIHY4OjpIYW5kbGU8djg6Ok9iamVjdD4gZ2xvYmFsID0gdjhDb250ZXh0LT5H bG9iYWwoKTsKICAgICB2ODo6SGFuZGxlPHY4OjpWYWx1ZT4ganNFdmVudCA9IGdsb2JhbC0+R2V0 KHY4OjpTdHJpbmc6Ok5ld1N5bWJvbCgiZXZlbnQiKSk7Ci0gICAgRXZlbnQqIGV2ZW50ID0gKCFq c0V2ZW50LklzRW1wdHkoKSAmJiBqc0V2ZW50LT5Jc09iamVjdCgpKSA/IFY4RXZlbnQ6OnRvTmF0 aXZlKHY4OjpIYW5kbGU8djg6Ok9iamVjdD46OkNhc3QoanNFdmVudCkpIDogMDsKKyAgICBFdmVu dCogZXZlbnQgPSBWOERPTVdyYXBwZXI6OmlzVmFsaWRET01PYmplY3QoanNFdmVudCkgPyBWOEV2 ZW50Ojp0b05hdGl2ZSh2ODo6SGFuZGxlPHY4OjpPYmplY3Q+OjpDYXN0KGpzRXZlbnQpKSA6IDA7 CiAKICAgICAvLyBCYXNlZCBvbiBjb2RlIGZyb20ga2pzX2JpbmRpbmdzLmNwcC4KICAgICAvLyBO b3RlOiBUaGlzIGlzIG1vcmUgbGliZXJhbCB0aGFuIEZpcmVmb3gncyBpbXBsZW1lbnRhdGlvbi4K SW5kZXg6IExheW91dFRlc3RzL2Zhc3QvZG9tL1dpbmRvdy93aW5kb3ctZXZlbnQtb3ZlcnJpZGUt bm8tY3Jhc2gtZXhwZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2Zhc3QvZG9t L1dpbmRvdy93aW5kb3ctZXZlbnQtb3ZlcnJpZGUtbm8tY3Jhc2gtZXhwZWN0ZWQudHh0CShyZXZp c2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9kb20vV2luZG93L3dpbmRvdy1ldmVudC1vdmVy cmlkZS1uby1jcmFzaC1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEgQEAKKyBU aGlzIHRlc3QgZW5zdXJlcyB0aGF0IHdpbmRvdy5ldmVudCBjYW4gYmUgc2V0IHRvIGEgbWVhbmlu Z2xlc3Mgb2JqZWN0IChhbmQgaW1tZWRpYXRlbHkgYmUgdXNlZCBpbnRlcm5hbGx5KSB3aXRob3V0 IGNhdXNpbmcgYSBjcmFzaC4KXCBObyBuZXdsaW5lIGF0IGVuZCBvZiBmaWxlCkluZGV4OiBMYXlv dXRUZXN0cy9mYXN0L2RvbS9XaW5kb3cvd2luZG93LWV2ZW50LW92ZXJyaWRlLW5vLWNyYXNoLmh0 bWwKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFzdC9kb20vV2luZG93L3dpbmRvdy1ldmVu dC1vdmVycmlkZS1uby1jcmFzaC5odG1sCShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFz dC9kb20vV2luZG93L3dpbmRvdy1ldmVudC1vdmVycmlkZS1uby1jcmFzaC5odG1sCShyZXZpc2lv biAwKQpAQCAtMCwwICsxLDE0IEBACis8aHRtbD4KKzxib2R5PgorPHNjcmlwdD4KKyAgICBpZiAo d2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQorICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxl ci5kdW1wQXNUZXh0KCk7CisKK3dpbmRvdy5ldmVudCA9IG5ldyBPYmplY3Q7Cit2YXIgaWZyYW1l ID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiaWZyYW1lIik7Citkb2N1bWVudC5ib2R5LmFwcGVu ZENoaWxkKGlmcmFtZSk7CitpZnJhbWUuc3JjID0gInJlc291cmNlcy9ibGFuay5odG1sIjsKKzwv c2NyaXB0PgorVGhpcyB0ZXN0IGVuc3VyZXMgdGhhdCB3aW5kb3cuZXZlbnQgY2FuIGJlIHNldCB0 byBhIG1lYW5pbmdsZXNzIG9iamVjdCAoYW5kIGltbWVkaWF0ZWx5IGJlIHVzZWQgaW50ZXJuYWxs eSkgd2l0aG91dCBjYXVzaW5nIGEgY3Jhc2guCis8L2JvZHk+Cis8L2h0bWw+ClwgTm8gbmV3bGlu ZSBhdCBlbmQgb2YgZmlsZQpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gNTQ3MjcpCisrKyBMYXlvdXRUZXN0 cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxMiBAQAorMjAxMC0wMi0xMiAg TmF0ZSBDaGFwaW4gIDxqYXBoZXRAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRlc3QgZm9yIGh0dHBzOi8vYnVncy53ZWJraXQu b3JnL3Nob3dfYnVnLmNnaT9pZD0zNDg5OQorCisgICAgICAgICogZmFzdC9kb20vV2luZG93L3dp bmRvdy1ldmVudC1vdmVycmlkZS1uby1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAg ICAqIGZhc3QvZG9tL1dpbmRvdy93aW5kb3ctZXZlbnQtb3ZlcnJpZGUtbm8tY3Jhc2guaHRtbDog QWRkZWQuCisKIDIwMTAtMDItMTIgIERpZWdvIEdvbnphbGV6ICA8ZGllZ28uZ29uemFsZXpAb3Bl bmJvc3NhLm9yZz4KIAogICAgICAgICBSZXZpZXdlZCBieSBLZW5uZXRoIFJvaGRlIENocmlzdGlh bnNlbi4K