From 0f5d01ff84a9ac1fdde0788971482fffa00e90f3 Mon Sep 17 00:00:00 2001
From: Ben Murdoch
Date: Wed, 24 Nov 2010 12:16:03 +0000
Subject: Fix crash in JavaClassV8

It is possible that the m_name member of JavaClass is uninitialized as we possibly early out from the constructor if we could not load the Java class from the JVM. In this case when we call the dtor we try to free uninitialized memory and crash. m_name is not actually used anywhere so we just remove it. Will upstream to webkit.

Bug: 3222518
Change-Id: I9354e9914157d2c4afd72dcce9122329c2486c89
---
 WebCore/bridge/jni/v8/JavaClassV8.cpp | 8 --------
 WebCore/bridge/jni/v8/JavaClassV8.h   | 1 -
 2 files changed, 9 deletions(-)

diff --git a/WebCore/bridge/jni/v8/JavaClassV8.cpp b/WebCore/bridge/jni/v8/JavaClassV8.cpp
index 04f8822..1d381af 100644
--- a/WebCore/bridge/jni/v8/JavaClassV8.cpp
+++ b/WebCore/bridge/jni/v8/JavaClassV8.cpp
@@ -26,7 +26,6 @@
 #include "config.h"
 #include "JavaClassV8.h"
 
-
 using namespace JSC::Bindings;
 
 JavaClass::JavaClass(jobject anInstance)
@@ -38,11 +37,6 @@ JavaClass::JavaClass(jobject anInstance)
         return;
     }
 
-    jstring className = static_cast(callJNIMethod(aClass, "getName", "()Ljava/lang/String;"));
-    const char* classNameC = getCharactersFromJString(className);
-    m_name = strdup(classNameC);
-    releaseCharactersForJString(className, classNameC);
-
     int i;
     JNIEnv* env = getJNIEnv();
 
@@ -82,8 +76,6 @@ JavaClass::JavaClass(jobject anInstance)
 
 JavaClass::~JavaClass()
 {
-    free(const_cast(m_name));
-
     deleteAllValues(m_fields);
     m_fields.clear();
 
diff --git a/WebCore/bridge/jni/v8/JavaClassV8.h b/WebCore/bridge/jni/v8/JavaClassV8.h
index 0c1d627..99137f1 100644
--- a/WebCore/bridge/jni/v8/JavaClassV8.h
+++ b/WebCore/bridge/jni/v8/JavaClassV8.h
@@ -49,7 +49,6 @@ public:
     JavaField* fieldNamed(const char* name) const;
 
 private:
-    const char* m_name;
     MethodListMap m_methods;
     FieldMap m_fields;
 };
-- 
cgit v1.1
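Review bot: The early `return;` at the top of the second JavaClassV8.cpp hunk still produces a JavaClass whose constructor never ran to completion, and nothing at that site records the invariant that makes this safe now that the strdup'd member is gone — every remaining member must be in a destructible state when the constructor bails out, which is exactly the assumption the removed `free(const_cast(m_name))` in the destructor hunk violated. Removing the member fixes this instance, but the next raw-owning member added to the class would silently reintroduce the same destructor-on-uninitialized-memory crash, so the constraint should be stated where it applies: `// Early out: the Java class could not be loaded. The object is left empty; every member must be destructible in this state (see ~JavaClass()).` The constructor also gives callers no way to tell a failed lookup from a class with no methods or fields; if that is intentional it is worth a sentence in the header comment, and if not the outcome presumably needs to be surfaced. JavaClass::JavaClass starts and ends outside this hunk, and the `static_cast(` / `const_cast(` spellings with no template argument look like the angle brackets were lost in rendering rather than being part of the original source.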