From d351bc538c8bcd3c034a1576ac0aa555399ef40a Mon Sep 17 00:00:00 2001
From: Marshall Greenblatt
Date: Tue, 29 Nov 2011 01:48:03 +0000
Subject: [PATCH] Fix crash caused by V8Proxy::retrieveFrameForCallingContext() returning 0 in V8DOMWindowCustom::handlePostMessageCallback (issue #436).
git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@397 5089003a-bbd8-11dd-ad1f-f1f9622dbc98
---
 patch/patch.cfg | 5 +++++
 patch/patches/v8_custom.patch | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 patch/patches/v8_custom.patch
diff --git a/patch/patch.cfg b/patch/patch.cfg
index f4122f7ec..a8bd06470 100644
--- a/patch/patch.cfg
+++ b/patch/patch.cfg
@@ -21,6 +21,11 @@ patches = [
 'name': 'tools_gyp',
 'path': '../tools/gyp/',
 },
+ {
+ # https://bugs.webkit.org/show_bug.cgi?id=73273
+ 'name': 'v8_custom',
+ 'path': '../third_party/WebKit/Source/WebCore/bindings/v8/custom/'
+ },
 {
 # http://code.google.com/p/chromiumembedded/issues/detail?id=364
 'name': 'spi_webcore_364',
diff --git a/patch/patches/v8_custom.patch b/patch/patches/v8_custom.patch
new file mode 100644
index 000000000..f96acbd52
--- /dev/null
+++ b/patch/patches/v8_custom.patch
@@ -0,0 +1,17 @@
+Index: V8DOMWindowCustom.cpp
+===================================================================
+--- V8DOMWindowCustom.cpp (revision 100508)
++++ V8DOMWindowCustom.cpp (working copy)
+@@ -291,8 +291,11 @@
+ static v8::Handle handlePostMessageCallback(const v8::Arguments& args, bool doTransfer)
+ {
+ DOMWindow* window = V8DOMWindow::toNative(args.Holder());
++ Frame* frame = V8Proxy::retrieveFrameForCallingContext();
++ if (!frame)
++ return v8::Undefined();
+
+- DOMWindow* source = V8Proxy::retrieveFrameForCallingContext()->domWindow();
++ DOMWindow* source = frame->domWindow();
+ ASSERT(source->frame());
+
+ // This function has variable arguments and can either be:
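Review bot: In the embedded V8DOMWindowCustom.cpp hunk, the new `if (!frame)` guard covers a null calling frame, but `source` is still protected only by `ASSERT(source->frame())`, which as far as I know is compiled out of WebKit release builds and would itself dereference a null `source` in debug builds. Whether `frame->domWindow()` can return null here is not visible in the hunk; if it can, the same crash class remains, and a matching guard right after the assignment would close it: `if (!source) return v8::Undefined();`. The early return also drops the postMessage call silently, so a short comment above it would help, for example `// No frame for the calling context (e.g. call from a detached context): drop the message instead of dereferencing null.`. The body of handlePostMessageCallback continues beyond the hunk, so how `source` is used later (it presumably supplies the sender identity for the message) should be checked against the full file.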