diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog index 8702b434b241d7ee16d221c4b4529984bcf20167..da045ee78349f4445cb0613e9115b134666285b5 100644 --- a/LayoutTests/ChangeLog +++ b/LayoutTests/ChangeLog @@ -1,3 +1,15 @@ +2007-03-18 Dan Waylonis + + Reviewed by Tim Hatcher. + + Tests for http://bugs.webkit.org/show_bug.cgi?id=13005 + Bug 13005: WebScriptObject +throwException needs NULL check. + + A plugin that throws on dealloc can crash WebKit. + + * plugins/throw-on-dealloc-expected.txt: Added. + * plugins/throw-on-dealloc.html: Added. + 2007-03-18 Geoffrey Garen Reviewed by Oliver Hunt. diff --git a/LayoutTests/plugins/throw-on-dealloc-expected.txt b/LayoutTests/plugins/throw-on-dealloc-expected.txt new file mode 100644 index 0000000000000000000000000000000000000000..8b137891791fe96927ad78e64b0aad7bded08bdc --- /dev/null +++ b/LayoutTests/plugins/throw-on-dealloc-expected.txt @@ -0,0 +1 @@ + diff --git a/LayoutTests/plugins/throw-on-dealloc.html b/LayoutTests/plugins/throw-on-dealloc.html new file mode 100644 index 0000000000000000000000000000000000000000..6c199fe35691ac2e57632d5060d62b4257d20d57 --- /dev/null +++ b/LayoutTests/plugins/throw-on-dealloc.html @@ -0,0 +1,27 @@ + +ThrowOnDealloc + + + +
+ + diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog index 155040bb49997a749fa1c9e3763389ffb8fb15d3..cf6649a53ff24488afcd66ed1e9574041fd9b2f4 100644 --- a/WebCore/ChangeLog +++ b/WebCore/ChangeLog @@ -1,3 +1,15 @@ +2007-03-18 Dan Waylonis + + Reviewed by Tim Hatcher. + + Fix http://bugs.webkit.org/show_bug.cgi?id=13005 + Bug 13005: WebScriptObject +throwException needs NULL check. + + Add checking for NULL interpreter before throwing exception. + + * bindings/objc/WebScriptObject.mm: + (+[WebScriptObject throwException:]): + 2007-03-18 Geoffrey Garen Reviewed by Oliver Hunt. diff --git a/WebCore/bindings/objc/WebScriptObject.mm b/WebCore/bindings/objc/WebScriptObject.mm index 1543a5517af9080483ce5d043f93060253cb8967..725755d3dca20b4ff44682f7f0f023a2593c00c9 100644 --- a/WebCore/bindings/objc/WebScriptObject.mm +++ b/WebCore/bindings/objc/WebScriptObject.mm @@ -168,6 +168,9 @@ static void _didExecute(WebScriptObject *obj) // in which case this will have to change. first = interp; do { + if (!interp) + return NO; + // If the interpreter has a context, we set the exception. if (interp->context()) { ExecState *exec = interp->context()->execState(); diff --git a/WebKitTools/ChangeLog b/WebKitTools/ChangeLog index 80548fcc7699f27bd8180779e4379931bb2611b7..7bf54a8e389d0a0848490dd93fe5d02c6d8f16e9 100644 --- a/WebKitTools/ChangeLog +++ b/WebKitTools/ChangeLog @@ -1,3 +1,18 @@ +2007-03-18 Dan Waylonis + + Reviewed by Tim Hatcher. + + DumpRenderTree changes for http://bugs.webkit.org/show_bug.cgi?id=13005 + Bug 13005: WebScriptObject +throwException needs NULL check. + + Add tests to ensure that a plugin can safely throw an exception in dealloc. + + * DumpRenderTree/ObjCPlugin.h: + * DumpRenderTree/ObjCPlugin.m: + (+[ObjCPlugin webScriptNameForKey:]): + (+[ObjCPlugin isKeyExcludedFromWebScript:]): + (-[ObjCPlugin dealloc]): + 2007-03-13 Mark Rowe Reviewed by Maciej. diff --git a/WebKitTools/DumpRenderTree/ObjCPlugin.h b/WebKitTools/DumpRenderTree/ObjCPlugin.h index e659f0f01eb7ff2f0c6b62a31e96abd2b676d934..a6d3e50c16245e9b30ae40016f57647766d7d95f 100644 --- a/WebKitTools/DumpRenderTree/ObjCPlugin.h +++ b/WebKitTools/DumpRenderTree/ObjCPlugin.h @@ -28,6 +28,7 @@ @interface ObjCPlugin : NSObject { + BOOL throwOnDealloc; } - (void)removeBridgeRestrictions:(id)container; diff --git a/WebKitTools/DumpRenderTree/ObjCPlugin.m b/WebKitTools/DumpRenderTree/ObjCPlugin.m index 0f66aaaeca14a64dbd09cab85446f85e1674e4d8..18b174c32cd8678f851c167b26df7d8d7328e771 100644 --- a/WebKitTools/DumpRenderTree/ObjCPlugin.m +++ b/WebKitTools/DumpRenderTree/ObjCPlugin.m @@ -157,6 +157,22 @@ + (NSString *)webScriptNameForSelector:(SEL)aSelector return nil; } ++ (NSString *)webScriptNameForKey:(const char *)key +{ + if (strcmp(key, "throwOnDealloc") == 0) + return @"throwOnDealloc"; + + return nil; +} + ++ (BOOL)isKeyExcludedFromWebScript:(const char *)key +{ + if (strcmp(key, "throwOnDealloc") == 0) + return NO; + + return YES; +} + - (void)removeBridgeRestrictions:(id)container { // let scripts invoke any selector @@ -179,4 +195,12 @@ - (void)throwIfArgumentIsNotHello:(NSString *)str [WebScriptObject throwException:[NSString stringWithFormat:@"%@ != Hello", str]]; } +- (void)dealloc +{ + if (throwOnDealloc) + [WebScriptObject throwException:@"Throwing exception on dealloc of ObjCPlugin"]; + + [super dealloc]; +} + @end