Bug 70064 - Chromium: The NPObjectWrapper class used by V8 bindings to wrap the window object is not allocated correctly.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Ananta Iyengar
Reported: 2011-10-13 15:20 PDT by Ananta Iyengar
Modified: 2011-10-13 17:36 PDT

Attachments
proposed patch (2.69 KB, patch)
2011-10-13 16:20 PDT, Ananta Iyengar
japhet: review+
webkit.review.bot: commit-queue-
Patch with line endings fixed. (15.13 KB, patch)
2011-10-13 16:54 PDT, Ananta Iyengar
no flags
Patch (18.01 KB, patch)
2011-10-13 17:26 PDT, Abhishek Arya
abarth: review+
webkit.review.bot: commit-queue-

Description Ananta Iyengar 2011-10-13 15:20:00 PDT
This is a Chromium only bug. The NPAllocate function in this class should allocate the NPProxyObject
structure. It ends up allocating the NPObjectWrapper instance which is wrong.

The getObjectForCall function in this class should return NULL if it fails to find the underlying NPObject.
It currently returns the same object back which could cause a recursive crash.
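
The two defects described in the report above, modelled as an added example that is not the WebKit patch or any code from this bug. `NPObject` and `NPClass` are simplified stand-ins for the NPAPI types, and `Wrapper`, `ProxyObject`, `objectForCall` and the `proxy*`/`real*` names are hypothetical; the block shows the allocate callback returning the proxy structure and the lookup returning null when no underlying object exists.

```cpp
// Simplified stand-ins for NPAPI's NPObject/NPClass (assumption, not npruntime.h).
struct NPObject { struct NPClass* cls; unsigned refCount; };
struct NPClass { NPObject* (*allocate)(NPClass*); bool (*invoke)(NPObject*, int, int*); };
// Hypothetical wrapper around the real object; target is null once it is gone.
struct Wrapper { NPObject* target; };
// What allocate must return: NPObject header first, then the back-pointer the callbacks read.
struct ProxyObject { NPObject object; Wrapper* wrapper; };

static NPObject* proxyAllocate(NPClass*)
{
    // Allocating a Wrapper here would make later ProxyObject* casts read the wrong type.
    return &(new ProxyObject())->object; // value-initialized: wrapper == nullptr
}
// nullptr when no underlying object exists; returning obj itself would recurse forever.
static NPObject* objectForCall(NPObject* obj)
{
    Wrapper* wrapper = reinterpret_cast<ProxyObject*>(obj)->wrapper;
    return wrapper ? wrapper->target : nullptr;
}
static bool proxyInvoke(NPObject* obj, int arg, int* result)
{
    NPObject* real = objectForCall(obj);
    if (!real || !real->cls->invoke)
        return false; // fail the call instead of recursing
    return real->cls->invoke(real, arg, result);
}
static NPClass proxyClass = { proxyAllocate, proxyInvoke };
// Constructed target class for the demonstration: doubles its argument.
static bool realInvoke(NPObject*, int arg, int* result) { *result = arg * 2; return true; }
static NPClass realClass = { nullptr, realInvoke };
// Creates a proxy through the class's allocate callback, then fills in the header.
static NPObject* createProxy(Wrapper* wrapper)
{
    NPObject* obj = proxyClass.allocate(&proxyClass);
    *obj = NPObject{ &proxyClass, 1 };
    reinterpret_cast<ProxyObject*>(obj)->wrapper = wrapper;
    return obj;
}
int main()
{
    NPObject real = { &realClass, 1 };
    Wrapper wrapper = { &real };
    NPObject* proxy = createProxy(&wrapper);
    int out = 0;
    bool live = proxyInvoke(proxy, 21, &out); // forwarded to realInvoke
    wrapper.target = nullptr;                 // underlying object gone
    bool dead = proxyInvoke(proxy, 21, &out); // rejected, no recursion
    delete reinterpret_cast<ProxyObject*>(proxy);
    return (live && out == 42 && !dead) ? 0 : 1;
}
```
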
Comment 1 Ananta Iyengar 2011-10-13 16:20:01 PDT
Created attachment 110923
proposed patch
Comment 2 WebKit Review Bot 2011-10-13 16:39:25 PDT
Comment on attachment 110923
proposed patch

Rejecting attachment 110923 from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2

Last 500 characters of output:
]" exit_code: 1

Parsed 3 diffs from patch file(s).
patching file Source/WebCore/ChangeLog
Hunk #1 succeeded at 1 with fuzz 3.
patching file Source/WebCore/bindings/v8/NPObjectWrapper.cpp
Hunk #1 FAILED at 84.
1 out of 1 hunk FAILED -- saving rejects to file Source/WebCore/bindings/v8/NPObjectWrapper.cpp.rej
patching file Source/WebCore/bindings/v8/NPObjectWrapper.h

Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', u'--reviewer', u'Nate Chapin', u'--force']" exit_code: 1

Full output: http://queues.webkit.org/results/10052372
Comment 3 Ananta Iyengar 2011-10-13 16:54:06 PDT
Created attachment 110934
Patch with line endings fixed.

This patch was already reviewed by Nate Chapin (japhet@chromium.org). It failed to apply probably
due to inconsistent line endings. That has been fixed.
Comment 4 Abhishek Arya 2011-10-13 17:26:57 PDT
Created attachment 110941
Patch
Comment 5 Adam Barth 2011-10-13 17:29:31 PDT
Comment on attachment 110941
Patch

Ok.  Forwarding Nate's R+.  Thanks for cleaning up the style and line endings.
Comment 6 WebKit Review Bot 2011-10-13 17:31:22 PDT
Comment on attachment 110941
Patch

Rejecting attachment 110941 from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2

Last 500 characters of output:
Hunk #2 FAILED at 53.
Hunk #3 FAILED at 138.
Hunk #4 FAILED at 159.
4 out of 4 hunks FAILED -- saving rejects to file Source/WebCore/bindings/v8/NPObjectWrapper.cpp.rej
patching file Source/WebCore/bindings/v8/NPObjectWrapper.h
Hunk #1 FAILED at 1.
Hunk #2 FAILED at 71.
2 out of 2 hunks FAILED -- saving rejects to file Source/WebCore/bindings/v8/NPObjectWrapper.h.rej

Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', u'--reviewer', u'Adam Barth', u'--force']" exit_code: 1

Full output: http://queues.webkit.org/results/10052386
Comment 7 Abhishek Arya 2011-10-13 17:36:59 PDT
Committed r97429: <http://trac.webkit.org/changeset/97429>