Bug 68122

Summary: Unzip initialization lists and constructors in JSCell hierarchy (7/7)
Product: WebKit
Reporter: Mark Hahnenberg <mhahnenberg>
Component: JavaScriptCore
Assignee: Mark Hahnenberg <mhahnenberg>
Status: RESOLVED FIXED
Severity: Normal
CC: ggaren, oliver, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on: 67692
Bug Blocks: 66567
Attachments: Patch (flags: none)

Description Mark Hahnenberg 2011-09-14 15:12:06 PDT
This is the seventh (and final) level of the unzipping process described in https://bugs.webkit.org/show_bug.cgi?id=66567.
Comment 1 Mark Hahnenberg 2011-09-14 17:05:58 PDT
Created attachment 107424 [details]
Patch
Comment 2 Geoffrey Garen 2011-09-15 11:39:25 PDT
Comment on attachment 107424 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=107424&action=review

r=me

> Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm:188
>          // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
>          // exec-globalData() is also likely wrong.
>          Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(exec);

Can you remove this FIXME?

> Source/WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.h:46
>          // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object.
>          // exec->globalData() is also likely wrong.
>          JSC::Structure* structure = WebCore::deprecatedGetDOMStructure<ProxyRuntimeObject>(exec);

Ditto.
Comment 3 Mark Hahnenberg 2011-09-15 12:53:34 PDT
> > Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm:188
> >          // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
> >          // exec-globalData() is also likely wrong.
> >          Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(exec);
> 
> Can you remove this FIXME?
I talked to Oliver, and I think it still needs to be fixed.  We can probably just use the JSGlobalObject that's passed into the create method, but we should ASSERT that the JSGlobalObject is indeed a JSDOMGlobalObject.  It's probably better to do as a separate patch.
Comment 4 Oliver Hunt 2011-09-15 13:01:46 PDT
(In reply to comment #3)
> > > Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm:188
> > >          // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
> > >          // exec-globalData() is also likely wrong.
> > >          Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(exec);
> > 
> > Can you remove this FIXME?
> I talked to Oliver, and I think it still needs to be fixed.  We can probably just use the JSGlobalObject that's passed into the create method, but we should ASSERT that the JSGlobalObject is indeed a JSDOMGlobalObject.  It's probably better to do as a separate patch.

No, you should be using the global object that comes from this, e.g. this->globalObject() -- that ensures the method from a runtime object has the same origin global object (and hence prototypes, etc.) as the actual object being accessed.
Comment 5 Mark Hahnenberg 2011-09-15 13:34:07 PDT
> No, you should be using the global object that comes from this, e.g. this->globalObject() -- that ensures the method from a runtime object has the same origin global object (and hence prototypes, etc.) as the actual object being accessed.

Bottom line: this is still broken and will take at least an additional patch to fix, along with some info from Anders about how we currently store RootObjects for plugins.
Comment 6 WebKit Review Bot 2011-09-15 18:18:57 PDT
Comment on attachment 107424 [details]
Patch

Clearing flags on attachment: 107424

Committed r95250: <http://trac.webkit.org/changeset/95250>
Comment 7 WebKit Review Bot 2011-09-15 18:19:01 PDT
All reviewed patches have been landed.  Closing bug.