Bug 70064 (RESOLVED FIXED)
Chromium: The NPObjectWrapper class used by V8 bindings to wrap the window object is not allocated correctly.
https://bugs.webkit.org/show_bug.cgi?id=70064
Ananta Iyengar
Reported 2011-10-13 15:20:00 PDT
This is a Chromium-only bug. The NPAllocate function in this class should allocate the NPProxyObject structure. It ends up allocating the NPObjectWrapper instance, which is wrong. The getObjectForCall function in this class should return NULL if it fails to find the underlying NPObject. It currently returns the same object back, which could cause a recursive crash.
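A simplified model of the two behaviours the report asks for, added here as an illustration; it is not the WebKit source or the attached patch. The type layouts, the `createProxy` helper and the one-argument `NPAllocate` signature are assumptions made so the block compiles without the NPAPI headers.

```cpp
#include <cstddef>
#include <cstdint>
#include <type_traits>

// Constructed stand-ins for the NPAPI types (not the real npruntime.h).
struct NPClass;
struct NPObject { NPClass* _class; uint32_t referenceCount; };
struct NPClass {
    NPObject* (*allocate)(NPClass*);
    void (*deallocate)(NPObject*);
};

class NPObjectWrapper;

// What the plugin-facing NPObject* must really point at: an NPObject header
// followed by a back-pointer to the C++ wrapper.
struct NPProxyObject { NPObject object; NPObjectWrapper* wrapper; };
static_assert(std::is_standard_layout<NPProxyObject>::value, "casts below rely on this");
static_assert(offsetof(NPProxyObject, object) == 0, "NPObject header must come first");

class NPObjectWrapper {
public:
    explicit NPObjectWrapper(NPObject* wrapped) : m_wrapped(wrapped) {}
    void clear() { m_wrapped = nullptr; }  // the underlying object went away

    // Allocate the proxy struct, never an NPObjectWrapper instance: callers
    // will treat the returned memory as an NPProxyObject.
    static NPObject* NPAllocate(NPClass*) { return &(new NPProxyObject())->object; }
    static void NPDeallocate(NPObject* obj) { delete reinterpret_cast<NPProxyObject*>(obj); }

    // Return the wrapped object, or nullptr when there is none. Handing back
    // `obj` itself would route the call into this proxy's callbacks again.
    static NPObject* getObjectForCall(NPObject* obj) {
        NPObjectWrapper* w = reinterpret_cast<NPProxyObject*>(obj)->wrapper;
        return w ? w->m_wrapped : nullptr;
    }
private:
    NPObject* m_wrapped;
};

// Hypothetical helper mirroring what an NPN_CreateObject-style caller does.
NPObject* createProxy(NPClass* cls, NPObjectWrapper* wrapper) {
    NPObject* obj = cls->allocate(cls);
    obj->_class = cls;
    obj->referenceCount = 1;
    reinterpret_cast<NPProxyObject*>(obj)->wrapper = wrapper;
    return obj;
}
```

Callbacks that forward to the wrapped object have to check the result of `getObjectForCall` for null before using it.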
Attachments
proposed patch (2.69 KB, patch)
2011-10-13 16:20 PDT, Ananta Iyengar
japhet: review+
webkit.review.bot: commit-queue-
Patch with line endings fixed. (15.13 KB, patch)
2011-10-13 16:54 PDT, Ananta Iyengar
no flags
Patch (18.01 KB, patch)
2011-10-13 17:26 PDT, Abhishek Arya
abarth: review+
webkit.review.bot: commit-queue-
Ananta Iyengar
Comment 1 2011-10-13 16:20:01 PDT
Created attachment 110923: proposed patch
WebKit Review Bot
Comment 2 2011-10-13 16:39:25 PDT
Comment on attachment 110923: proposed patch
Rejecting attachment 110923 from commit-queue.
Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2
Last 500 characters of output:
]" exit_code: 1
Parsed 3 diffs from patch file(s).
patching file Source/WebCore/ChangeLog
Hunk #1 succeeded at 1 with fuzz 3.
patching file Source/WebCore/bindings/v8/NPObjectWrapper.cpp
Hunk #1 FAILED at 84.
1 out of 1 hunk FAILED -- saving rejects to file Source/WebCore/bindings/v8/NPObjectWrapper.cpp.rej
patching file Source/WebCore/bindings/v8/NPObjectWrapper.h
Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', u'--reviewer', u'Nate Chapin', u'--force']" exit_code: 1
Full output: http://queues.webkit.org/results/10052372
Ananta Iyengar
Comment 3 2011-10-13 16:54:06 PDT
Created attachment 110934: Patch with line endings fixed.
This patch was already reviewed by Nate Chapin (japhet@chromium.org). It failed to apply probably due to inconsistent line endings. That has been fixed.
Abhishek Arya
Comment 4 2011-10-13 17:26:57 PDT
Adam Barth
Comment 5 2011-10-13 17:29:31 PDT
Comment on attachment 110941: Patch
Ok. Forwarding Nate's R+. Thanks for cleaning up the style and line endings.
WebKit Review Bot
Comment 6 2011-10-13 17:31:22 PDT
Comment on attachment 110941: Patch
Rejecting attachment 110941 from commit-queue.
Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2
Last 500 characters of output:
Hunk #2 FAILED at 53.
Hunk #3 FAILED at 138.
Hunk #4 FAILED at 159.
4 out of 4 hunks FAILED -- saving rejects to file Source/WebCore/bindings/v8/NPObjectWrapper.cpp.rej
patching file Source/WebCore/bindings/v8/NPObjectWrapper.h
Hunk #1 FAILED at 1.
Hunk #2 FAILED at 71.
2 out of 2 hunks FAILED -- saving rejects to file Source/WebCore/bindings/v8/NPObjectWrapper.h.rej
Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', u'--reviewer', u'Adam Barth', u'--force']" exit_code: 1
Full output: http://queues.webkit.org/results/10052386
Abhishek Arya
Comment 7 2011-10-13 17:36:59 PDT