Bug 25290

Summary:

REGRESSION(r41732): Crash when constructing XMLHttpRequest in a detached document

Product:

WebKit

Reporter:

Alexey Proskuryakov <ap>

Component:

WebCore JavaScript

Assignee:

Alexey Proskuryakov <ap>

Status:

RESOLVED FIXED

Severity:

Normal

Keywords:

Regression

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
proposed patch	darin: review-
proposed patch	darin: review+

Alexey Proskuryakov

Reported 2009-04-20 01:51:09 PDT

Now that JSXMLHttpRequestConstructor (and other constructors) are tied to a global object, not to a script execution context, we need to take care of edge cases where converting from ScriptExecutionContext to JSDOMGlobalObject doesn't work. Namely, both exist for a detached document, but toJSDOMGlobalObject(scriptExecutionContext) returns 0. Patch forthcoming.

Attachments
proposed patch (15.86 KB, patch) 2009-04-20 12:58 PDT, Alexey Proskuryakov	darin: review-	Details Formatted Diff Diff
proposed patch (14.29 KB, patch) 2009-04-20 14:05 PDT, Alexey Proskuryakov	darin: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2009-04-20 12:58:17 PDT

Created attachment 29621 [details] proposed patch

Darin Adler

Comment 2 2009-04-20 13:55:36 PDT

Comment on attachment 29621 [details] proposed patch > + KURL url = this->url(); > + NSURL* nsURL; > + if (m_responseContentDispositionEncodingFallbackArray.isEmpty()) > + nsURL = url; > + else { > + CString urlString = TextEncoding(m_responseContentDispositionEncodingFallbackArray[0]).encode(url.string().characters(), url.string().length(), URLEncodedEntitiesForUnencodables); > + RetainPtr<CFURLRef> cfURL = CFURLCreateAbsoluteURLWithBytes(kCFAllocatorDefault, (const UInt8*)urlString.data(), urlString.length(), CFStringConvertIANACharSetNameToEncoding(m_responseContentDispositionEncodingFallbackArray[0].createCFString()), 0, false); > + nsURL = (NSURL*)cfURL.get(); > + [[nsURL retain] autorelease];; > + } > + > if (nsRequest) > - [nsRequest setURL:url()]; > + [nsRequest setURL:nsURL]; > else > - nsRequest = [[NSMutableURLRequest alloc] initWithURL:url()]; > + nsRequest = [[NSMutableURLRequest alloc] initWithURL:nsURL]; I suggest making the new nsURL variable a RetainPtr<NSURL*>, and therefore avoiding autorelease. Is there a way we could avoid There are double semicolons on the line that calls autorelease. A local variable for the encoding name would make the expression easier to read. This code leaks the string created by createCFString; probably best to fix that using a RetainPtr<CFStringRef>. review- because of the leak

Alexey Proskuryakov

Comment 3 2009-04-20 14:05:21 PDT

Created attachment 29624 [details] proposed patch > I suggest making the new nsURL variable a RetainPtr<NSURL*>, and therefore > avoiding autorelease. Oops! Sorry, this code is completely unrelated, and certainly not ready for review. Submitting a hopefully clean patch...

Darin Adler

Comment 4 2009-04-20 14:18:44 PDT

Comment on attachment 29624 [details] proposed patch r=me

Alexey Proskuryakov

Comment 5 2009-04-21 01:26:32 PDT

Committed <http://trac.webkit.org/changeset/42700>.

Note You need to log in before you can comment on or make changes to this bug.