From b4cbd6b88943a0e01d235c581bcf62f9e5acf4a3 Mon Sep 17 00:00:00 2001
From: Cary Clark
Date: Mon, 15 Jun 2009 14:02:40 -0400
Subject: detect null pointer in webkit script exception

This security fix https://android-git.corp.google.com/w/?p=platform/external/webkit.git;a=commit;h=df1815070cfd8d2ed6f7101d1b8d60d037c839e6 introduced a regression in the layout test javascript-url-crash-function.html It's enough to check for a null scriptExecutionContext in reportException()
---
 WebCore/bindings/js/JSDOMBinding.cpp | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'WebCore')
diff --git a/WebCore/bindings/js/JSDOMBinding.cpp b/WebCore/bindings/js/JSDOMBinding.cpp
index 5db8791..bb3e1b5 100644
--- a/WebCore/bindings/js/JSDOMBinding.cpp
+++ b/WebCore/bindings/js/JSDOMBinding.cpp
@@ -412,6 +412,8 @@ void reportException(JSC::ExecState* exec, JSValuePtr exception)
 exec->clearException();
 ScriptExecutionContext* scriptExecutionContext = static_cast(exec->lexicalGlobalObject())->scriptExecutionContext();
+ if (!scriptExecutionContext)
+ return;
 scriptExecutionContext->reportException(errorMessage, lineNumber, exceptionSourceURL);
 }
--
cgit v1.1
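Review bot: The new early return in reportException() silently discards the exception: `exec->clearException()` has already run on the context line above, so when `scriptExecutionContext` is null the error is neither reported nor left pending, and nothing in the code says why that is acceptable. I would add a comment on the guard, e.g. `// No context to report to (see javascript-url-crash-function.html); the exception was already cleared above, so it is dropped here.` The guard also covers only the last pointer in the chain; the result of `exec->lexicalGlobalObject()` is still cast and dereferenced unchecked on the preceding line, which is presumably safe but worth confirming given that this path has already regressed once. The function's body starts outside the hunk, so any earlier checks are not visible here.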