[ServiceWorker] Add NULL check of ExecutionContext in FetchBodyStream::readAsync

scriptState->executionContext() returns NULL in the following situation. [Main thread] - WorkerThread::stop() - m_workerGlobalScope->script()->scheduleExecutionTermination(); - v8::V8::TerminateExecution(m_isolate); [Worker thread] - FetchBodyStream::readAsync() - ScriptPromiseResolver::create() ---> v8::Promise::Resolver::New() - v8::internal::Execution::Call - v8::internal::Invoke - JS - v8::internal::__RT_impl_Runtime_StackGuard - v8::internal::Isolate::TerminateExecution() Sets TerminationException. - scriptState->executionContext() - toExecutionContext() - V8WorkerGlobalScope::findInstanceInPrototypeChain() - V8PerIsolateData::findInstanceInPrototypeChain() - V8PerIsolateData::findInstanceInPrototypeChain() - v8::Object::FindInstanceInPrototypeChain() - ON_BAILOUT(isolate, "v8::Object::FindInstanceInPrototypeChain()", return Local<v8::Object>()); - IsExecutionTerminatingCheck() Returns true. BUG=409755 TEST=run_webkit_tests http/tests/serviceworker/request.html Review URL: https://codereview.chromium.org/535193002 git-svn-id: svn://svn.chromium.org/blink/trunk@181872 bbb929c8-8fbe-4397-9dbb-9b2b20218538

[ServiceWorker] Add NULL check of ExecutionContext in FetchBodyStream::readAsync
scriptState->executionContext() returns NULL in the following situation. [Main thread] - WorkerThread::stop() - m_workerGlobalScope->script()->scheduleExecutionTermination(); - v8::V8::TerminateExecution(m_isolate); [Worker thread] - FetchBodyStream::readAsync() - ScriptPromiseResolver::create() ---> v8::Promise::Resolver::New() - v8::internal::Execution::Call - v8::internal::Invoke - JS - v8::internal::__RT_impl_Runtime_StackGuard - v8::internal::Isolate::TerminateExecution() Sets TerminationException. - scriptState->executionContext() - toExecutionContext() - V8WorkerGlobalScope::findInstanceInPrototypeChain() - V8PerIsolateData::findInstanceInPrototypeChain() - V8PerIsolateData::findInstanceInPrototypeChain() - v8::Object::FindInstanceInPrototypeChain() - ON_BAILOUT(isolate, "v8::Object::FindInstanceInPrototypeChain()", return Local<v8::Object>()); - IsExecutionTerminatingCheck() Returns true. BUG=409755 TEST=run_webkit_tests http/tests/serviceworker/request.html Review URL: https://codereview.chromium.org/535193002 git-svn-id: svn://svn.chromium.org/blink/trunk@181872 bbb929c8-8fbe-4397-9dbb-9b2b20218538
3034deef · horo@chromium.org · 0e1357ff · 3034deef
Commit 3034deef authored Sep 12, 2014 by horo@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 1 deletion

third_party/WebKit/Source/modules/serviceworkers/Body.cpp third_party/WebKit/Source/modules/serviceworkers/Body.cpp +11 -1

No files found.
--- a/third_party/WebKit/Source/modules/serviceworkers/Body.cpp
+++ b/third_party/WebKit/Source/modules/serviceworkers/Body.cpp
@@ -19,6 +19,16 @@ ScriptPromise Body::readAsync(ScriptState* scriptState, ResponseType type)
    if (m_bodyUsed)
        return ScriptPromise::reject(scriptState, V8ThrowException::createTypeError("Already read", scriptState->isolate()));

+    // When the main thread sends a V8::TerminateExecution() signal to a worker
+    // thread, any V8 API on the worker thread starts returning an empty
+    // handle. This can happen in Body::readAsync. To avoid the situation, we
+    // first check the ExecutionContext and return immediately if it's already
+    // gone (which means that the V8::TerminateExecution() signal has been sent
+    // to this worker thread).
+    ExecutionContext* executionContext = scriptState->executionContext();
+    if (!executionContext)
+        return ScriptPromise();
+
    m_bodyUsed = true;
    m_responseType = type;

@@ -62,7 +72,7 @@ ScriptPromise Body::readAsync(ScriptState* scriptState, ResponseType type)
    }

    m_loader = adoptPtr(new FileReaderLoader(readType, this));
-    m_loader->start(scriptState->executionContext(), blobHandle);
+    m_loader->start(executionContext, blobHandle);

    return promise;
 }