RESOLVED FIXED 15980
JSCustomSQLTransactionCallback incorrectly converts exception values toObject without checking first. 
https://bugs.webkit.org/show_bug.cgi?id=15980
Summary JSCustomSQLTransactionCallback incorrectly converts exception values toObject...
Brady Eidson
Reported 2007-11-13 22:50:33 PST
See http://bugs.webkit.org/show_bug.cgi?id=15976 and the layout test in LayoutTests/storage/transaction_callback_exception_crash.html When an exception is thrown from within a callback, it is logged to the console. But instead of being useful information, the message is simply "undefined" "throw 0;" and "throw <some string>;" both result in this lack of information.
Attachments
Add attachment proposed patch, testcase, etc.
Oliver Hunt
Comment 1 2008-07-20 01:47:46 PDT
This is caused by the database code assuming the converting a thrown primitive object to a value will result in it becoming an object with exception information attached (which it can't). The guilty lines are: 131 if (exec->hadException()) { 132 JSObject* exception = exec->exception()->toObject(exec); 133 String message = exception->get(exec, exec->propertyNames().message)->toString(exec); 134 int lineNumber = exception->get(exec, Identifier(exec, "line"))->toInt32(exec); 135 String sourceURL = exception->get(exec, Identifier(exec, "sourceURL"))->toString(exec); 136 m_data->frame()->domWindow()->console()->addMessage(JSMessageSource, ErrorMessageLevel, message, lineNumber, sourceURL); 137 exec->clearException(); 138 139 raisedException = true; 140 } in JSCustomSQLTransactionCallback.cpp
Oliver Hunt
Comment 2 2008-07-20 01:51:19 PDT
(Also, due to the lack of an isObject check the toObject call may itself throw. Yay!)
Dimitri Glazkov (Google)
Comment 3 2009-01-31 20:52:12 PST
This has been fixed in http://trac.webkit.org/changeset/38595.
Note You need to log in before you can comment on or make changes to this bug.