[Webkit-unassigned] [Bug 96637] Remove V8DOMWindowShell::getEntered
bugzilla-daemon at webkit.org
Sun Sep 30 09:32:48 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=96637
--- Comment #43 from Adam Barth <abarth at webkit.org> 2012-09-30 09:33:12 PST ---
(From update of attachment 166385)
View in context: https://bugs.webkit.org/attachment.cgi?id=166385&action=review
>>> Source/WebCore/bindings/v8/V8DOMWindowShell.cpp:180
>>> + if (innerGlobal->InternalFieldCount() < V8DOMWindow::enteredIsolatedWorldIndex)
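Review bot: the added condition uses InternalFieldCount() as a proxy for "this global belongs to a DOMWindow", which is a layout property rather than a type check, so any global object with more than enteredIsolatedWorldIndex internal fields (a WorkerContext global included) passes it and the later static_cast<V8DOMWindowShell*> is applied to the wrong kind of object. Gate the lookup on an explicit discriminator instead, such as isMainThread() or the script execution context's isDocument(), and keep the field-count comparison only as a debug ASSERT.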
>>
>> This is really fragile. There's no guarantee that the innerGlobal for a WorkerContext will have fewer internal fields than the innerGlobal for a DOMWindow.
>>
>> It looks like this function used to only be called on the main thread. We probably need to avoid calling it on worker threads.
>
> I'm not positive, but I believe it has always been used on both worker and main threads. In the stack trace above, for instance, it can be called from a worker thread or a main thread.
>
> I can change the if clause to check if we're on the main thread?
The static_cast<V8DOMWindowShell*> would have been problematic on a worker thread because V8DOMWindowShell* is a main-thread only class. Maybe we introduced this bug in a previous patch and didn't notice?
> Source/WebCore/bindings/v8/custom/V8XMLHttpRequestConstructor.cpp:-59
> - if (V8DOMWindowShell* isolatedWorldShell = V8DOMWindowShell::getEntered())
> - securityOrigin = isolatedWorldShell->isolatedWorldSecurityOrigin();
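Review bot: the two removed lines consulted V8DOMWindowShell::getEntered() unconditionally from a constructor that can run on a worker thread, where V8DOMWindowShell is not a valid object; whatever replaces them should read isolatedWorldSecurityOrigin only inside an `if (context->isDocument())` branch and otherwise leave securityOrigin at the context's own value.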
Yes, this one looks problematic. This function can be called on a worker thread. You can add a check here for context->isDocument(). There's no need to look for isolatedWorldSecurityOrigin if we're not on the main thread (i.e., if context->isDocument() is false).
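The difference between the two checks discussed in this comment, as an added example that is not WebKit code and not part of the bug thread: it models a tiny ScriptExecutionContext hierarchy with Document and WorkerContext, a stand-in GlobalObject whose internal field count is just a vector size, and a hypothetical securityOriginForXHR() that follows the reviewer's suggestion of testing isDocument() before reaching for an isolated-world origin. All type and function names here are assumptions chosen to mirror the discussion; enteredIsolatedWorldIndex is a placeholder constant, not the real V8DOMWindow value.

```cpp
// Added example (not WebKit code): why a field-count heuristic is not a type check,
// and what an explicit context-type check looks like instead.
#include <cassert>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for WebCore's ScriptExecutionContext.
struct ScriptExecutionContext {
    virtual ~ScriptExecutionContext() {}
    virtual bool isDocument() const = 0;
    std::string securityOrigin;  // the context's own origin
};

// Main-thread context; may have been entered from an isolated world.
struct Document : ScriptExecutionContext {
    bool isDocument() const override { return true; }
    std::string enteredIsolatedWorldOrigin;  // empty when no isolated world entered
};

// Worker-thread context; never has a V8DOMWindowShell.
struct WorkerContext : ScriptExecutionContext {
    bool isDocument() const override { return false; }
};

// Hypothetical stand-in for a V8 global object. The number of internal fields is a
// layout detail of whichever wrapper created it, not an indication of its type.
struct GlobalObject {
    std::vector<void*> internalFields;
    int InternalFieldCount() const { return static_cast<int>(internalFields.size()); }
};

const int enteredIsolatedWorldIndex = 2;  // placeholder for V8DOMWindow::enteredIsolatedWorldIndex

// The fragile check from the quoted hunk: "enough internal fields" is taken to
// mean "this global belongs to a DOMWindow". A worker global with the same or a
// larger field count passes, and the caller would then cast to the wrong type.
bool looksLikeDOMWindowByFieldCount(const GlobalObject& global) {
    return global.InternalFieldCount() > enteredIsolatedWorldIndex;
}

// The check suggested in the review: ask the context what it is. Only a Document
// can have an entered isolated world, so the downcast is guarded by a real
// discriminator rather than by object layout.
std::string securityOriginForXHR(const ScriptExecutionContext& context) {
    if (context.isDocument()) {
        const Document& document = static_cast<const Document&>(context);
        if (!document.enteredIsolatedWorldOrigin.empty())
            return document.enteredIsolatedWorldOrigin;
    }
    return context.securityOrigin;
}

int main() {
    GlobalObject workerGlobal;
    workerGlobal.internalFields.resize(4);  // constructed: a worker global with 4 fields
    std::printf("field-count heuristic accepts worker global: %s\n",
                looksLikeDOMWindowByFieldCount(workerGlobal) ? "yes (false positive)" : "no");

    Document document;
    document.securityOrigin = "https://example.test";
    document.enteredIsolatedWorldOrigin = "chrome-extension://constructed-id";
    WorkerContext worker;
    worker.securityOrigin = "https://example.test";

    std::printf("document XHR origin: %s\n", securityOriginForXHR(document).c_str());
    std::printf("worker XHR origin:   %s\n", securityOriginForXHR(worker).c_str());
    return 0;
}
```

The point of the example is the false positive: the worker global has more internal fields than the threshold and so passes the layout check, while the isDocument() path never reads a main-thread-only value from a worker context at all.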