'Re: RFR: 8233747: JVM crash in com.sun.webkit.dom.DocumentImpl.createAttribute'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-openjfx-dev
Subject:    Re: RFR: 8233747: JVM crash in com.sun.webkit.dom.DocumentImpl.createAttribute
From:       Arun Joseph <ajoseph () openjdk ! java ! net>
Date:       2019-11-28 13:16:19
Message-ID: 2P1UiDuRSSNhGKHtiqYXdKwnD0vk71hHSq9B8DJafRI=.b404a52a-f3bd-4966-be7f-d515fba2b2c5 () github ! com
[Download RAW message or body]

On Wed, 20 Nov 2019 15:04:07 GMT, Kevin Rushforth <kcr@openjdk.org> wrote:

> On Wed, 20 Nov 2019 07:05:40 GMT, Arun Joseph <ajoseph@openjdk.org> wrote:
> 
> > Issue: Native part of WebView throws a DOMException and then, continues executing \
> > the rest of the function assuming that value is present. This causes the JVM to \
> > crash when retrieving the value. 
> > Fix: Return from the function if exception was raised (code is similar to \
> > exception handling in \
> > [WebKitLegacy/java/DOM/JavaTreeWalker.cpp](https://github.com/openjdk/jfx/blob/mas \
> > ter/modules/javafx.web/src/main/native/Source/WebKitLegacy/java/DOM/JavaTreeWalker.cpp))
> >  
> > This fix also needs to be applied to all function calls in \
> > [WebKitLegacy/java/DOM](https://github.com/openjdk/jfx/tree/master/modules/javafx.web/src/main/native/Source/WebKitLegacy/java/DOM) \
> > functions which raises DOMError similar to createAttributeImpl(). 
> > ----------------
> > 
> > Commits:
> > - acc52780: 8233747: JVM crash in com.sun.webkit.dom.DocumentImpl.createAttribute
> > 
> > Changes: https://git.openjdk.java.net/jfx/pull/47/files
> > Webrev: https://webrevs.openjdk.java.net/jfx/47/webrev.00
> > Issue: https://bugs.openjdk.java.net/browse/JDK-8233747
> > Stats: 7 lines in 1 file changed: 6 ins; 0 del; 1 mod
> > Patch: https://git.openjdk.java.net/jfx/pull/47.diff
> > Fetch: git fetch https://git.openjdk.java.net/jfx pull/47/head:pull/47
> 
> The proposed fix seems more like a workaround to me. There are dozens of very \
> similar calls to `raiseOnDOMError` in this and other files, so I would think a more \
> general solution is needed.

For calls to `raiseOnDOMError()` with argument of type `ExceptionOr<Ref<T>>`, the \
returned value is again passed through `WTF::getPtr()`. This doesn't modify the value \
returned, but removing it will require changing about 40 function calls.

PR: https://git.openjdk.java.net/jfx/pull/47


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic