Bug 68122

Summary: Unzip initialization lists and constructors in JSCell hierarchy (7/7)
Product: WebKit
Component: JavaScriptCore
Reporter: Mark Hahnenberg <mhahnenberg>
Assignee: Mark Hahnenberg <mhahnenberg>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
CC: ggaren, oliver, webkit.review.bot
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on: 67692
Bug Blocks: 66567

Mark Hahnenberg
Reported 2011-09-14 15:12:06 PDT
This is the seventh (and final) level of the unzipping process described in https://bugs.webkit.org/show_bug.cgi?id=66567.
Attachments
Patch (31.88 KB, patch)
2011-09-14 17:05 PDT, Mark Hahnenberg
no flags
Mark Hahnenberg
Comment 1 2011-09-14 17:05:58 PDT
Geoffrey Garen
Comment 2 2011-09-15 11:39:25 PDT
Comment on attachment 107424 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=107424&action=review
r=me
> Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm:188
> // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
> // exec-globalData() is also likely wrong.
> Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(exec);
Can you remove this FIXME?
> Source/WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.h:46
> // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object.
> // exec->globalData() is also likely wrong.
> JSC::Structure* structure = WebCore::deprecatedGetDOMStructure<ProxyRuntimeObject>(exec);
Ditto.
Mark Hahnenberg
Comment 3 2011-09-15 12:53:34 PDT
> > Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm:188
> > // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
> > // exec-globalData() is also likely wrong.
> > Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(exec);
>
> Can you remove this FIXME?
I talked to Oliver, and I think it still needs to be fixed. We can probably just use the JSGlobalObject that's passed into the create method, but we should ASSERT that the JSGlobalObject is indeed a JSDOMGlobalObject. It's probably better to do as a separate patch.
Oliver Hunt
Comment 4 2011-09-15 13:01:46 PDT
(In reply to comment #3)
> > > Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm:188
> > > // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
> > > // exec-globalData() is also likely wrong.
> > > Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(exec);
> >
> > Can you remove this FIXME?
> I talked to Oliver, and I think it still needs to be fixed. We can probably just use the JSGlobalObject that's passed into the create method, but we should ASSERT that the JSGlobalObject is indeed a JSDOMGlobalObject. It's probably better to do as a separate patch.
No, you should be using the global object that comes from this, e.g. this->globalObject() -- that ensures the method from a runtime object has the same origin global object (and hence prototypes, etc) as the actual object being accessed.
Mark Hahnenberg
Comment 5 2011-09-15 13:34:07 PDT
> No, you should be using the global object that comes from this, e.g. this->globalObject() -- that ensures the method from a runtime object has the same origin global object (and hence prototypes, etc) as the actual object being accessed.
Bottom line: this is still broken and will take at least an additional patch to fix, along with some info from Anders about how we currently store RootObjects for plugins.
WebKit Review Bot
Comment 6 2011-09-15 18:18:57 PDT
Comment on attachment 107424 Patch
Clearing flags on attachment: 107424
Committed r95250: <http://trac.webkit.org/changeset/95250>
WebKit Review Bot
Comment 7 2011-09-15 18:19:01 PDT
All reviewed patches have been landed. Closing bug.