[V8] Add context checks to WorldContextHandle and V8DOMWindowShell

https://bugs.webkit.org/show_bug.cgi?id=101573 Patch by Dan Carney <[email protected]> on 2012-11-22 Reviewed by Adam Barth. Added a bunch of assertions to ensure the problems with IndexedDB contexts cannot reemerge. No new tests. No change in functionality. * bindings/v8/V8DOMWindowShell.cpp: (WebCore): (WebCore::V8DOMWindowShell::assertContextHasCorrectPrototype): * bindings/v8/V8DOMWindowShell.h: (V8DOMWindowShell): (WebCore::V8DOMWindowShell::isolated): * bindings/v8/WorldContextHandle.cpp: (WebCore::WorldContextHandle::WorldContextHandle): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@135513 268f45cc-cd09-0410-ab3c-d52691b4dbfc
adobe · Nov 22, 2012 · c1a5e1a · c1a5e1a
1 parent 4891f9b
commit c1a5e1a
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 11 deletions.
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2012-11-22  Dan Carney  <[email protected]>
+
+        [V8] Add context checks to WorldContextHandle and V8DOMWindowShell
+        https://bugs.webkit.org/show_bug.cgi?id=101573
+
+        Reviewed by Adam Barth.
+
+        Added a bunch of assertions to ensure the problems with IndexedDB
+        contexts cannot reemerge.
+
+        No new tests. No change in functionality.
+
+        * bindings/v8/V8DOMWindowShell.cpp:
+        (WebCore):
+        (WebCore::V8DOMWindowShell::assertContextHasCorrectPrototype):
+        * bindings/v8/V8DOMWindowShell.h:
+        (V8DOMWindowShell):
+        (WebCore::V8DOMWindowShell::isolated):
+        * bindings/v8/WorldContextHandle.cpp:
+        (WebCore::WorldContextHandle::WorldContextHandle):
+
 2012-11-22  Allan Sandfeld Jensen  <[email protected]>
 
         [Qt] Correct extensions on preferredFilename

diff --git a/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp b/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp
@@ -65,6 +65,14 @@
 
 namespace WebCore {
 
+#ifndef NDEBUG
+void V8DOMWindowShell::assertContextHasCorrectPrototype()
+{
+    ASSERT(isMainThread());
+    ASSERT(V8DOMWrapper::isWrapperOfType(toInnerGlobalObject(v8::Context::GetEntered()), &V8DOMWindow::info));
+}
+#endif
+
 static void checkDocumentWrapper(v8::Handle<v8::Object> wrapper, Document* document)
 {
     ASSERT(V8Document::toNative(wrapper) == document);
@@ -328,7 +336,6 @@ bool V8DOMWindowShell::installDOMWindow()
     V8DOMWindow::installPerContextProperties(windowWrapper, window);
 
     V8DOMWrapper::setDOMWrapper(v8::Handle<v8::Object>::Cast(windowWrapper->GetPrototype()), &V8DOMWindow::info, window);
-    V8DOMWrapper::createDOMWrapper(PassRefPtr<DOMWindow>(window), &V8DOMWindow::info, windowWrapper);
 
     // Install the windowWrapper as the prototype of the innerGlobalObject.
     // The full structure of the global object is as follows:
@@ -346,6 +353,7 @@ bool V8DOMWindowShell::installDOMWindow()
     v8::Handle<v8::Object> innerGlobalObject = toInnerGlobalObject(m_context.get());
     V8DOMWrapper::setDOMWrapper(innerGlobalObject, &V8DOMWindow::info, window);
     innerGlobalObject->SetPrototype(windowWrapper);
+    V8DOMWrapper::createDOMWrapper(PassRefPtr<DOMWindow>(window), &V8DOMWindow::info, windowWrapper);
     return true;
 }
 

diff --git a/Source/WebCore/bindings/v8/V8DOMWindowShell.h b/Source/WebCore/bindings/v8/V8DOMWindowShell.h
@@ -80,8 +80,15 @@ class V8DOMWindowShell {
 
     void destroyGlobal();
 
+#ifndef NDEBUG
+    static void assertContextHasCorrectPrototype();
+#endif
+
     static V8DOMWindowShell* isolated(v8::Handle<v8::Context> context)
     {
+#ifndef NDEBUG
+        assertContextHasCorrectPrototype();
+#endif
         return static_cast<V8DOMWindowShell*>(context->GetAlignedPointerFromEmbedderData(v8ContextIsolatedWindowShell));
     }
 

diff --git a/Source/WebCore/bindings/v8/WorldContextHandle.cpp b/Source/WebCore/bindings/v8/WorldContextHandle.cpp
@@ -35,27 +35,38 @@
 #include "V8Binding.h"
 #include "V8DOMWindow.h"
 #include "V8DOMWindowShell.h"
+#include "V8DedicatedWorkerContext.h"
+#include "V8SharedWorkerContext.h"
 
 namespace WebCore {
 
 WorldContextHandle::WorldContextHandle(WorldToUse worldToUse)
     : m_worldToUse(worldToUse)
 {
+    ASSERT(worldToUse != UseWorkerWorld);
+
     if (worldToUse == UseMainWorld || worldToUse == UseWorkerWorld)
         return;
 
-    if (v8::Context::InContext()) {
-        v8::Handle<v8::Context> context = v8::Context::GetCurrent();
+    if (!v8::Context::InContext())
+        CRASH();
+
+    v8::Handle<v8::Context> context = v8::Context::GetCurrent();
 #if ENABLE(WORKERS)
-        if (UNLIKELY(!V8DOMWrapper::isWrapperOfType(toInnerGlobalObject(context), &V8DOMWindow::info))) {
-            m_worldToUse = UseWorkerWorld;
-            return;
-        }
+    if (UNLIKELY(!V8DOMWrapper::isWrapperOfType(toInnerGlobalObject(context), &V8DOMWindow::info))) {
+#if ENABLE(SHARED_WORKERS)
+        ASSERT(V8DOMWrapper::isWrapperOfType(toInnerGlobalObject(context)->GetPrototype(), &V8DedicatedWorkerContext::info) || V8DOMWrapper::isWrapperOfType(toInnerGlobalObject(context)->GetPrototype(), &V8SharedWorkerContext::info));
+#else
+        ASSERT(V8DOMWrapper::isWrapperOfType(toInnerGlobalObject(context)->GetPrototype(), &V8DedicatedWorkerContext::info));
 #endif
-        if (V8DOMWindowShell::isolated(context)) {
-            m_context = SharedPersistent<v8::Context>::create(context);
-            return;
-        }
+        m_worldToUse = UseWorkerWorld;
+        return;
+    }
+#endif
+
+    if (V8DOMWindowShell::isolated(context)) {
+        m_context = SharedPersistent<v8::Context>::create(context);
+        return;
     }
 
     m_worldToUse = UseMainWorld;