[Webkit-unassigned] [Bug 113434] New: Crash when calling QWebFrame::evaluateJavaScript
bugzilla-daemon at webkit.org
Wed Mar 27 12:45:03 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=113434
Summary: Crash when calling QWebFrame::evaluateJavaScript
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows 7
Status: UNCONFIRMED
Severity: Critical
Priority: P1
Component: WebKit Qt
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: sfcheng at gmail.com
In Qt 5.0.1, when I use QWebFrame::evaluateJavaScript to execute some script within a QWebFrame, it's very likely to crash at the same place in MarkedAllocator.cpp.
    void* MarkedAllocator::allocateSlowCase(size_t bytes)
    {
        ASSERT(m_heap->globalData()->apiLock().currentThreadIsHoldingLock());
    #if COLLECT_ON_EVERY_ALLOCATION
        m_heap->collectAllGarbage();
        ASSERT(m_heap->m_operationInProgress == NoOperation);
    #endif
        ...
    }
The debug assertion ASSERT(m_heap->globalData()->apiLock().currentThreadIsHoldingLock()) fires right after entering this function.
I did find a similar bug with the BlackBerry port that has already been resolved here: https://bugs.webkit.org/show_bug.cgi?id=100504. I added the following line, "JSC::JSLockHolder lock(exec)", to QVariant QWebFrameAdapter::evaluateJavaScript(const QString &scriptSource) in QWebFrameAdapter.cpp:
    QVariant QWebFrameAdapter::evaluateJavaScript(const QString &scriptSource)
    {
        ScriptController* proxy = frame->script();
        QVariant rc;
        if (proxy) {
            int distance = 0;
            JSC::JSValue v = frame->script()->executeScript(ScriptSourceCode(scriptSource)).jsValue();
            JSC::ExecState* exec = proxy->globalObject(mainThreadNormalWorld())->globalExec();
            JSC::JSLockHolder lock(exec); // This line fixes the bug.
            JSValueRef* ignoredException = 0;
            rc = JSC::Bindings::convertValueToQVariant(toRef(exec), toRef(exec, v), QMetaType::Void, &distance, ignoredException);
        }
        return rc;
    }
It seems to work and stops the crash. However, I am not an inside developer and don't really know what I am doing. Can someone look into this bug and provide a real fix?
This is a serious bug since it will crash any application that attempts to run its own scripts within web pages.
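An added example, not code from the bug report or from WebKit, modelling the lock discipline that the quoted ASSERT enforces: a per-heap API lock records which thread owns it, an RAII holder (playing the role of JSC::JSLockHolder) takes it re-entrantly for the length of a scope, and the allocator refuses a request from any thread that does not hold it. The names ApiLock, LockHolder and Heap are hypothetical; WebKit's real check is the assertion shown above, replaced here by a null result so the violation can be exercised without aborting.

```cpp
// Added example, not WebKit code: a minimal model of the API-lock discipline
// that JSC's JSLock / JSLockHolder enforce and that the quoted ASSERT checks.
// ApiLock, LockHolder and Heap are hypothetical names for this illustration.
#include <atomic>
#include <cstddef>
#include <cstdio>
#include <deque>
#include <mutex>
#include <thread>
#include <vector>

// Re-entrant lock that remembers which thread owns it, so callers can ask
// "do I hold this?" the way JSLock::currentThreadIsHoldingLock() does.
class ApiLock {
public:
    void lock() {
        const std::thread::id me = std::this_thread::get_id();
        if (m_owner.load() == me) {   // already ours: just nest
            ++m_depth;
            return;
        }
        m_mutex.lock();
        m_owner.store(me);
        m_depth = 1;
    }
    void unlock() {
        if (--m_depth == 0) {         // outermost release gives the lock up
            m_owner.store(std::thread::id());
            m_mutex.unlock();
        }
    }
    bool currentThreadIsHoldingLock() const {
        return m_owner.load() == std::this_thread::get_id();
    }
private:
    std::mutex m_mutex;
    std::atomic<std::thread::id> m_owner{std::thread::id()};
    unsigned m_depth = 0;             // only touched by the owning thread
};

// RAII holder in the style of JSC::JSLockHolder: acquire on construction,
// release when the scope ends, whichever exit path is taken.
class LockHolder {
public:
    explicit LockHolder(ApiLock& lock) : m_lock(lock) { m_lock.lock(); }
    ~LockHolder() { m_lock.unlock(); }
    LockHolder(const LockHolder&) = delete;
    LockHolder& operator=(const LockHolder&) = delete;
private:
    ApiLock& m_lock;
};

// Toy heap: every allocation verifies the lock first. WebKit aborts via
// ASSERT in debug builds; here the violation is reported as a null result.
struct Heap {
    ApiLock apiLock;
    std::deque<std::vector<unsigned char>> cells;   // deque keeps data() stable
    void* allocate(size_t bytes) {
        if (!apiLock.currentThreadIsHoldingLock())
            return nullptr;                         // the bug report's crash site
        cells.emplace_back(bytes);
        return cells.back().data();
    }
};

// Shape of the bug: the heap is touched with no holder in scope.
bool allocateWithoutLock() {
    Heap heap;
    return heap.allocate(16) != nullptr;            // false
}

// Shape of the fix: a holder wraps every call that may allocate.
bool allocateWithLock() {
    Heap heap;
    LockHolder lock(heap.apiLock);
    return heap.allocate(16) != nullptr;            // true
}

// Nesting is safe, so a holder added in a caller cannot deadlock a callee
// that already takes the lock itself.
bool nestedHoldersWork() {
    Heap heap;
    LockHolder outer(heap.apiLock);
    {
        LockHolder inner(heap.apiLock);
        if (heap.allocate(8) == nullptr)
            return false;
    }
    return heap.allocate(8) != nullptr && heap.apiLock.currentThreadIsHoldingLock();
}

// Leaving the scope releases the lock; a later unlocked access is refused again.
bool lockReleasedAfterScope() {
    Heap heap;
    { LockHolder lock(heap.apiLock); }
    return !heap.apiLock.currentThreadIsHoldingLock() && heap.allocate(8) == nullptr;
}

int main() {
    std::printf("without lock: %s\n", allocateWithoutLock() ? "allocated" : "refused");
    std::printf("with lock:    %s\n", allocateWithLock() ? "allocated" : "refused");
    std::printf("nested ok:    %s\n", nestedHoldersWork() ? "yes" : "no");
    std::printf("released:     %s\n", lockReleasedAfterScope() ? "yes" : "no");
    return 0;
}
```

The point the model makes for a defender: the ASSERT only exists in debug builds, so in a release build a caller that skips the lock does not abort but mutates the garbage-collected heap with no synchronisation against the collector. That is why the holder belongs around every JSC call that can allocate, rather than only at the spot where the assertion happens to fire.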