Bug 76944

Summary: [Chromium][V8] DOMWindow::postMessage crashes if window disassociated with frame
Product: WebKit Reporter: Dmitry Lomov <dslomov>
Component: WebCore Misc.Assignee: Dmitry Lomov <dslomov>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, dslomov, japhet, levin, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Fix none

Dmitry Lomov
Reported 2012-01-24 13:59:06 PST
Chromium bug report: http://code.google.com/p/chromium/issues/detail?id=111076 Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000418 ) 0x61cdbf40 [chrome.dll - frame.cpp:655 WebCore::Frame::domWindow() 0x6314a3f5 [chrome.dll - v8domwindowcustom.cpp:301 WebCore::handlePostMessageCallback 0x61d9cf63 [chrome.dll - ic.cc:499 v8::internal::CallICBase::LoadFunction(v8::internal::InlineCacheState,int,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::String>) 0x61d9cfe3 [chrome.dll - ic.cc:515 v8::internal::CallICBase::LoadFunction(v8::internal::InlineCacheState,int,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::String>) 0x61dac014 [chrome.dll - builtins.cc:1132 v8::internal::TypeCheck 0x6314a6f1 [chrome.dll - v8domwindowcustom.cpp:349 WebCore::V8DOMWindow::postMessageCallback(v8::Arguments const &) 0x61dba506 [chrome.dll - builtins.cc:1220 v8::internal::HandleApiCallHelper<0> 0x61dba348 [chrome.dll - variables.cc:94 v8::internal::Variable::CompareIndex(v8::internal::Variable * const *,v8::internal::Variable * const *) 0x6314a6e0 [chrome.dll + 0x017aa6e0]
Attachments
Fix (3.26 KB, patch)
2012-01-24 14:03 PST, Dmitry Lomov 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dmitry Lomov
Comment 1 2012-01-24 14:03:55 PST
Created attachment 123804 [details] Fix
David Levin
Comment 2 2012-01-24 14:11:41 PST
Nice!
WebKit Review Bot
Comment 3 2012-01-24 14:52:39 PST
Comment on attachment 123804 [details] Fix Clearing flags on attachment: 123804 Committed r105815: <http://trac.webkit.org/changeset/105815>
WebKit Review Bot
Comment 4 2012-01-24 14:52:44 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.