Bug 35575

Summary: [V8] crash when a plugin throws a javascript exception when no v8 context exists
Product: WebKit
Reporter: Leon Clarke <leonclarke>
Component: WebCore JavaScript
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WONTFIX
Severity: Normal
CC: andersca, android-webkit-unforking, ap, levin
Priority: P2
Version: 528+ (Nightly build)
Hardware: Android
OS: Linux
Attachments:
Description Flags
Patch 1 ap: review-

Leon Clarke
Reported 2010-03-02 03:42:24 PST
When a plugin sets a script exception on an object that isn't a javascript object, we would usually attempt to log it to the javascript console. However, if there isn't a javascript context (e.g. the page doesn't contain any javascript) then v8 isn't initialized enough to pass the error on. In this situation, we should throw the error away rather than crashing.
Attachments
Patch 1 (1.45 KB, patch)
2010-03-02 03:53 PST, Leon Clarke
ap: review-
Leon Clarke
Comment 1 2010-03-02 03:53:43 PST
Created attachment 49799 Patch 1
Nate Chapin
Comment 2 2010-03-02 10:46:48 PST
Comment on attachment 49799 Patch 1
LGTM. Thanks! Do you need commit-queue+ as well?
Leon Clarke
Comment 3 2010-03-02 10:49:49 PST
Yes please. That'd be great.
Alexey Proskuryakov
Comment 4 2010-03-02 15:39:52 PST
Comment on attachment 49799 Patch 1
Is this covered by existing regression tests? Please add a test if it's not. r-, since there is no test, and no explanation why one isn't necessary.
Anders Carlsson
Comment 5 2013-05-02 11:24:53 PDT
V8 is gone from WebKit.