RESOLVED FIXED 25290
REGRESSION(r41732): Crash when constructing XMLHttpRequest in a detached document 
https://bugs.webkit.org/show_bug.cgi?id=25290
Summary REGRESSION(r41732): Crash when constructing XMLHttpRequest in a detached docu...
Alexey Proskuryakov
Reported 2009-04-20 01:51:09 PDT
Now that JSXMLHttpRequestConstructor (and other constructors) are tied to a global object, not to a script execution context, we need to take care of edge cases where converting from ScriptExecutionContext to JSDOMGlobalObject doesn't work. Namely, both exist for a detached document, but toJSDOMGlobalObject(scriptExecutionContext) returns 0. Patch forthcoming.
Attachments
proposed patch (15.86 KB, patch)
2009-04-20 12:58 PDT, Alexey Proskuryakov 		darin: review-
DetailsFormatted DiffDiff
proposed patch (14.29 KB, patch)
2009-04-20 14:05 PDT, Alexey Proskuryakov 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2009-04-20 12:58:17 PDT
Created attachment 29621 [details] proposed patch
Darin Adler
Comment 2 2009-04-20 13:55:36 PDT
Comment on attachment 29621 [details] proposed patch > + KURL url = this->url(); > + NSURL* nsURL; > + if (m_responseContentDispositionEncodingFallbackArray.isEmpty()) > + nsURL = url; > + else { > + CString urlString = TextEncoding(m_responseContentDispositionEncodingFallbackArray[0]).encode(url.string().characters(), url.string().length(), URLEncodedEntitiesForUnencodables); > + RetainPtr<CFURLRef> cfURL = CFURLCreateAbsoluteURLWithBytes(kCFAllocatorDefault, (const UInt8*)urlString.data(), urlString.length(), CFStringConvertIANACharSetNameToEncoding(m_responseContentDispositionEncodingFallbackArray[0].createCFString()), 0, false); > + nsURL = (NSURL*)cfURL.get(); > + [[nsURL retain] autorelease];; > + } > + > if (nsRequest) > - [nsRequest setURL:url()]; > + [nsRequest setURL:nsURL]; > else > - nsRequest = [[NSMutableURLRequest alloc] initWithURL:url()]; > + nsRequest = [[NSMutableURLRequest alloc] initWithURL:nsURL]; I suggest making the new nsURL variable a RetainPtr<NSURL*>, and therefore avoiding autorelease. Is there a way we could avoid There are double semicolons on the line that calls autorelease. A local variable for the encoding name would make the expression easier to read. This code leaks the string created by createCFString; probably best to fix that using a RetainPtr<CFStringRef>. review- because of the leak
Alexey Proskuryakov
Comment 3 2009-04-20 14:05:21 PDT
Created attachment 29624 [details] proposed patch > I suggest making the new nsURL variable a RetainPtr<NSURL*>, and therefore > avoiding autorelease. Oops! Sorry, this code is completely unrelated, and certainly not ready for review. Submitting a hopefully clean patch...
Darin Adler
Comment 4 2009-04-20 14:18:44 PDT
Comment on attachment 29624 [details] proposed patch r=me
Alexey Proskuryakov
Comment 5 2009-04-21 01:26:32 PDT
Committed <http://trac.webkit.org/changeset/42700>.
Note You need to log in before you can comment on or make changes to this bug.