Google Git
Sign in
chromium / chromium / src / 60cb383104586711e93c84a8b6ac804050e85270
commit60cb383104586711e93c84a8b6ac804050e85270[log] [tgz]
authorYuki Shiino <yukishiino@chromium.org>Sat Sep 22 02:28:46 2018
committerCommit Bot <commit-bot@chromium.org>Sat Sep 22 02:28:46 2018
treea5a17c30658cd73426abdcabe69bbc1d048edb86
parentc2778a08a604ca0acfb52e56b005f5cdbe5a924c [diff]
v8binding: Do not invoke FrameRequestCallback when iframe is detached.

Crash issue 887661 is happening because an iframe is detached, but
the iframe is still invoking FrameRequestCallback without performing
wrapper-tracing.

In the repro case, callback function's realm = the parent's one, and
the incumbent realm = the parent's one, however, the callback is
registered on the iframe that will be detached.  Thus, any check
against callback function's realm and the incumbent realm does not
work well in this case.

This patch fixes the crash issue by checking the execution context
on the call sites.

Bug: 887661
Change-Id: I1fa784add95424c9ff2c2b27ed3d2edbb920068e
Reviewed-on: https://chromium-review.googlesource.com/1237839
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#593417}
1 file changed
tree: a5a17c30658cd73426abdcabe69bbc1d048edb86
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blink/
  6. build/
  7. build_overrides/
  8. cc/
  9. chrome/
  10. chrome_elf/
  11. chromecast/
  12. chromeos/
  13. cloud_print/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. mash/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. services/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. testing/
  48. third_party/
  49. tools/
  50. ui/
  51. url/
  52. webrunner/
  53. .clang-format
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .vpython
  60. AUTHORS
  61. BUILD.gn
  62. CODE_OF_CONDUCT.md
  63. codereview.settings
  64. DEPS
  65. ENG_REVIEW_OWNERS
  66. LICENSE
  67. LICENSE.chromium_os
  68. OWNERS
  69. PRESUBMIT.py
  70. PRESUBMIT_test.py
  71. PRESUBMIT_test_mocks.py
  72. README.md
  73. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .