Bug 36976

Summary: REGRESSION(r54783): Silverlight plug-in causes Safari to crash if JavaScript is disabled
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: Plug-insAssignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED    
Severity: Normal CC: darin
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.6   
Attachments:
Description Flags
proposed fix
oliver: review+
more fixes darin: review+

Alexey Proskuryakov
Reported 2010-04-01 12:13:52 PDT
If JavaScript is disabled then loading a page that contains the Silverlight plug-in will cause Safari to crash. * STEPS TO REPRODUCE 1. Disable JavaScript. 2. Load <http://feralpixel.com/default.htm#/Algorithms/A13.xaml>. * RESULTS Crash.
Attachments
proposed fix (2.29 KB, patch)
2010-04-01 12:48 PDT, Alexey Proskuryakov 		oliver: review+
DetailsFormatted DiffDiff
more fixes (2.50 KB, patch)
2010-04-01 13:26 PDT, Alexey Proskuryakov 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2010-04-01 12:48:24 PDT
Created attachment 52323 [details] proposed fix
Alexey Proskuryakov
Comment 2 2010-04-01 12:48:43 PDT
<rdar://problem/7817498>
Oliver Hunt
Comment 3 2010-04-01 12:51:03 PDT
Comment on attachment 52323 [details] proposed fix r=me
Darin Adler
Comment 4 2010-04-01 12:58:36 PDT
Comment on attachment 52323 [details] proposed fix > + (WebKit::NetscapePluginInstanceProxy::LocalObjectMap::get): Use find() instead of get(), > + because the latter fails with an assertion when looking up 0 or -1. Why doesn't find() fail with an assertion looking up 0 or -1? Makes no sense to me that it would not.
Alexey Proskuryakov
Comment 5 2010-04-01 13:00:01 PDT
Committed <http://trac.webkit.org/changeset/56932>.
Alexey Proskuryakov
Comment 6 2010-04-01 13:14:06 PDT
That's because find() has an early return if m_table is null, and get() doesn't. You are right, the first part of this change is incorrect.
Alexey Proskuryakov
Comment 7 2010-04-01 13:26:01 PDT
Created attachment 52326 [details] more fixes
Darin Adler
Comment 8 2010-04-01 13:54:50 PDT
Comment on attachment 52326 [details] more fixes r=me
Alexey Proskuryakov
Comment 9 2010-04-01 14:00:20 PDT
Follow-up committed <http://trac.webkit.org/changeset/56935>.
Note You need to log in before you can comment on or make changes to this bug.