Fix crash caused by V8Proxy::retrieveFrameForCallingContext() returning 0 in V8DOMWindowCustom::handlePostMessageCallback (issue #436).

git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@397 5089003a-bbd8-11dd-ad1f-f1f9622dbc98
2011-11-29 01:48:03 +00:00 · 2011-11-29 01:48:03 +00:00 · d351bc538c
parent 559caafd1d
commit d351bc538c
2 changed files with 22 additions and 0 deletions
--- a/patch/patch.cfg
+++ b/patch/patch.cfg
@ -21,6 +21,11 @@ patches = [
    'name': 'tools_gyp',
    'path': '../tools/gyp/',
  },
+  {
+    # https://bugs.webkit.org/show_bug.cgi?id=73273
+    'name': 'v8_custom',
+    'path': '../third_party/WebKit/Source/WebCore/bindings/v8/custom/'
+  },
  {
    # http://code.google.com/p/chromiumembedded/issues/detail?id=364
    'name': 'spi_webcore_364',
--- a/patch/patches/v8_custom.patch
+++ b/patch/patches/v8_custom.patch
@ -0,0 +1,17 @@
+Index: V8DOMWindowCustom.cpp
+===================================================================
+--- V8DOMWindowCustom.cpp	(revision 100508)
+++ V8DOMWindowCustom.cpp	(working copy)
+@@ -291,8 +291,11 @@
+ static v8::Handle<v8::Value> handlePostMessageCallback(const v8::Arguments& args, bool doTransfer)
+ {
+     DOMWindow* window = V8DOMWindow::toNative(args.Holder());
+    Frame* frame = V8Proxy::retrieveFrameForCallingContext();
+    if (!frame)
+        return v8::Undefined();
+ 
+-    DOMWindow* source = V8Proxy::retrieveFrameForCallingContext()->domWindow();
+    DOMWindow* source = frame->domWindow();
+     ASSERT(source->frame());
+ 
+     // This function has variable arguments and can either be: