| author | Ben Murdoch <benm@google.com> | 2011-09-15 12:19:42 +0100 | 
|---|---|---|
| committer | Ben Murdoch <benm@google.com> | 2011-09-15 12:19:42 +0100 | 
| commit | dd888d7ab78958132c660a402edcc490bf690620 (patch) | |
| tree | f567d51fe8676e1fbb8e2c6269dd3629342e69b6 | |
| parent | bf67a54e6a1e5ab331404b6e745a6c27c840d6dd (diff) | |
Fix Monkey crash in V8AbstractEventListener
Monkey can trigger a situation such that script can execute while
the frame is detached. Not clear if this can be triggered in
normal usage, but the fix is simple enough.
Bug: 5201341
Change-Id: Id5701cc0947e30103f9168cf43fcb164c0fe8356
| -rw-r--r-- | Source/WebCore/bindings/v8/V8AbstractEventListener.cpp | 8 | 
1 files changed, 8 insertions, 0 deletions
| diff --git a/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp b/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp index 90dc097..0de99f8 100644 --- a/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp +++ b/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp @@ -72,6 +72,14 @@ V8AbstractEventListener::~V8AbstractEventListener()  void V8AbstractEventListener::handleEvent(ScriptExecutionContext* context, Event* event)  { +#ifdef ANDROID +    // Monkey data shows that we can crash here, due to script executing while the +    // page's frame has been detached (in the middle of a navigation). +    // See b/5201341 +    if (!context) +        return; +#endif +      // Don't reenter V8 if execution was terminated in this instance of V8.      if (context->isJSExecutionForbidden())          return; | 
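
Review bot: The null check on `context` at the top of `handleEvent` is compiled only under `#ifdef ANDROID`, yet the next statement, `context->isJSExecutionForbidden()`, dereferences `context` on every platform, so non-Android builds keep the same null dereference if a caller passes a null context. Unless the intent is only to keep the divergence from upstream small, drop the `#ifdef` so the guard is unconditional. The early `return` also discards the event silently; since the commit message says it is not clear whether this can be reached in normal usage, a debug-only log line before the `return` would make the detached-frame case visible outside Monkey runs. The added comment points to b/5201341 for the cause; one sentence on why `context` is null once the frame is detached would let the guard be understood without access to that bug.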
