Summary: | REGRESSION: Yahoo New Charts Crashes WebKit. | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | David Scheck <opendarwin> | ||||||||||
Component: | WebCore JavaScript | Assignee: | Darin Adler <darin> | ||||||||||
Status: | RESOLVED FIXED | ||||||||||||
Severity: | Normal | CC: | ap, mitz, mrowe, troyb | ||||||||||
Priority: | P1 | Keywords: | HasReduction, Regression | ||||||||||
Version: | 420+ | ||||||||||||
Hardware: | Mac | ||||||||||||
OS: | OS X 10.4 | ||||||||||||
URL: | http://finance.yahoo.com/charts#symbol=AAPL;range=1d | ||||||||||||
Attachments: |
|
Description
David Scheck
2006-09-13 06:30:26 PDT
Created attachment 10524 [details]
Crash log
ASSERTION FAILED: p (WebCore/bindings/js/kjs_window.cpp:378 static KJS::JSValue* KJS::Window::retrieve(WebCore::Frame*)) Created attachment 10530 [details]
Reduction (will assert or crash)
The crash happens when trying to access the location property of a document that is no longer associated with a frame. I think the document's URL can be a good fallback in this case.
*** Bug 10955 has been marked as a duplicate of this bug. *** Created attachment 10677 [details]
Proposed patch
Patch to return null in line with Firefox
Comment on attachment 10677 [details]
Proposed patch
Oi! Who put those tabs in there... :-/
Created attachment 10678 [details]
Proposed patch without the tabs
Comment on attachment 10678 [details]
Proposed patch without the tabs
Looks good to me. Too bad this logic can't be put in the DOM c++ implementation class. That would sure make later auto-generation of JSHTMLDocument easier.
Curious. I wonder if this is broken in the Obj-C version of this wrapper?
Otherwise it looks fine. r=me.
> Too bad this logic can't be put in the DOM c++ implementation class.
Cannot the check be inside retrieveWindow() itself?
(In reply to comment #10) > > Too bad this logic can't be put in the DOM c++ implementation class. > > Cannot the check be inside retrieveWindow() itself? Yes. retrieveWindow should return 0 in this case. And we can change the jsUndefined() to jsNull(). We should make that change instead of this one. (In reply to comment #9) > (From update of attachment 10678 [details] [edit]) > Too bad this logic can't be put in the DOM C++ implementation class. This logic *can* be put into the DOM C++ implementation class. I'm going to do that. (In reply to comment #12) > (In reply to comment #9) > > (From update of attachment 10678 [details] [edit] [edit]) > > Too bad this logic can't be put in the DOM C++ implementation class. > > This logic *can* be put into the DOM C++ implementation class. I'm going to do > that. Actually, it can't because there is no C++ implementation for this method yet. So the patch is fine as-is. Also, I think the frame nil check is a good solution -- no need to change Window::retrieve just to fix this, although we could consider making that change later. Landed in r16881. |