v8bindings: Patchwork the crash at LocalWindowProxy::Initialize

We've been observing crashes at LocalWindowProxy::Initialize void LocalWindowProxy::Initialize() { CHECK(!GetFrame()->IsProvisional()); ... } through calls to ToScriptState. This patch patchworks to stop the crash by checking frame->IsProvisional() beforehand. This patch makes ToScriptState return nullptr when the frame is provisional, and it'd potentionally cause crashes on the call sites. (ToScriptState is designed to return nullptr in some cases, so the call sites must have been checking the return value.) Anyway, Blink has been crashing in the case that this patch is bailing out, thus the situation won't become worse. Bug: 1037985, 578349, 1046282 Change-Id: I9497aa740d7b1d14e400c5e416d4a988ff8f488e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2024189 Commit-Queue: Yuki Shiino <yukishiino@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Cr-Commit-Position: refs/heads/master@{#735825}

v8bindings: Patchwork the crash at LocalWindowProxy::Initialize
We've been observing crashes at LocalWindowProxy::Initialize void LocalWindowProxy::Initialize() { CHECK(!GetFrame()->IsProvisional()); ... } through calls to ToScriptState. This patch patchworks to stop the crash by checking frame->IsProvisional() beforehand. This patch makes ToScriptState return nullptr when the frame is provisional, and it'd potentionally cause crashes on the call sites. (ToScriptState is designed to return nullptr in some cases, so the call sites must have been checking the return value.) Anyway, Blink has been crashing in the case that this patch is bailing out, thus the situation won't become worse. Bug: 1037985, 578349, 1046282 Change-Id: I9497aa740d7b1d14e400c5e416d4a988ff8f488e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2024189 Commit-Queue: Yuki Shiino <yukishiino@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Cr-Commit-Position: refs/heads/master@{#735825}
72e77776 · Yuki Shiino · Commit Bot · cfd0949f · 72e77776
Commit 72e77776 authored Jan 28, 2020 by Yuki Shiino Committed by Commit Bot Jan 28, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.cc ...ty/blink/renderer/bindings/core/v8/v8_binding_for_core.cc +7 -0

No files found.
--- a/third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.cc
+++ b/third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.cc
@@ -773,6 +773,13 @@ v8::Local<v8::Context> ToV8ContextEvenIfDetached(LocalFrame* frame,
  // TODO(yukishiino): this method probably should not force context creation,
  // but it does through WindowProxy() call.
  DCHECK(frame);
+  // TODO(crbug.com/1046282): The following bailout is a temporary fix
+  // introduced due to crbug.com/1037985 .  Remove this temporary fix once
+  // the root cause is fixed.
+  if (frame->IsProvisional())
+    return v8::Local<v8::Context>();
  return frame->WindowProxy(world)->ContextIfInitialized();
 }