[Webkit-unassigned] [Bug 79222] [chromium] createObjectURL(Blob) throws 'Illegal invocation' error when MEDIA_STREAM is disabled.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 29 00:30:43 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=79222





--- Comment #16 from Hao Zheng <zhenghao at chromium.org>  2012-03-29 00:30:43 PST ---
OK. Now I think it's right that createBlobURL needs a custom signature. But v8 could not handle static function correctly. In builtins.cc TypeCheck:

  Object* holder = recv;
  if (!recv_type->IsUndefined()) {
    for (; holder != heap->null_value(); holder = holder->GetPrototype()) {
      if (holder->IsInstanceOf(FunctionTemplateInfo::cast(recv_type))) {
        break;
      }
    }
    if (holder == heap->null_value()) return holder;
  }

It try to verify holder is instance of recv_type. But for static function, holder is actually recv_type itself, not instance of recv_type. Thus, if we omit the step in objects-inl.h IsInstanceOf:

bool Object::IsInstanceOf(FunctionTemplateInfo* expected) {
  // There is a constraint on the object; check.
//  if (!this->IsJSObject()) return false;
  // Fetch the constructor function of the object.
//  Object* cons_obj = JSObject::cast(this)->map()->constructor();

  // Omit the above step. Use this directly.
  Object* cons_obj = this;

  if (!cons_obj->IsJSFunction()) return false;
  JSFunction* fun = JSFunction::cast(cons_obj);
  // Iterate through the chain of inheriting function templates to
  // see if the required one occurs.
  for (Object* type = fun->shared()->function_data();
       type->IsFunctionTemplateInfo();
       type = FunctionTemplateInfo::cast(type)->parent_template()) {
    if (type == expected) return true;
  }
  // Didn't find the required type in the inheritance chain.
  return false;
}

Then we can invoke the static function. I got a simple patch to v8, but I'm not confident if it's correct. Erik/Adam, could you add some v8 folks here? Thanks!

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list