Diffstat (limited to 'chrome/renderer')
-rw-r--r-- | chrome/renderer/module_system.cc | 6 | ||||
-rw-r--r-- | chrome/renderer/module_system.h | 3 | ||||
-rw-r--r-- | chrome/renderer/native_handler.cc | 8 |
3 files changed, 17 insertions, 0 deletions
diff --git a/chrome/renderer/module_system.cc b/chrome/renderer/module_system.cc
index 53f1267..7c246e4 100644
--- a/chrome/renderer/module_system.cc
+++ b/chrome/renderer/module_system.cc
@@ -59,6 +59,12 @@ ModuleSystem::NativesEnabledScope::~NativesEnabledScope() {
 CHECK_GE(module_system_->natives_enabled_, 0);
 }
+// static
+bool ModuleSystem::IsPresentInCurrentContext() {
+ v8::Handle<v8::Object> global(v8::Context::GetCurrent()->Global());
+ return !global->GetHiddenValue(v8::String::New(kModuleSystem))->IsUndefined();
+}
+
 void ModuleSystem::Require(const std::string& module_name) {
 v8::HandleScope handle_scope;
 RequireForJsInner(v8::String::New(module_name.c_str()));
diff --git a/chrome/renderer/module_system.h b/chrome/renderer/module_system.h
index 1dc6065..c68137a 100644
--- a/chrome/renderer/module_system.h
+++ b/chrome/renderer/module_system.h
@@ -54,6 +54,9 @@ class ModuleSystem : public NativeHandler {
 explicit ModuleSystem(v8::Handle<v8::Context> context, SourceMap* source_map);
 virtual ~ModuleSystem();
+ // Returns true if the current context has a ModuleSystem installed in it.
+ static bool IsPresentInCurrentContext();
+
 // Require the specified module. This is the equivalent of calling
 // require('module_name') from the loaded JS files.
 void Require(const std::string& module_name);
diff --git a/chrome/renderer/native_handler.cc b/chrome/renderer/native_handler.cc
index a09486b..7076b32 100644
--- a/chrome/renderer/native_handler.cc
+++ b/chrome/renderer/native_handler.cc
@@ -6,6 +6,7 @@
 #include "base/memory/linked_ptr.h"
 #include "base/logging.h"
+#include "chrome/renderer/module_system.h"
 #include "v8/include/v8.h"
 NativeHandler::NativeHandler()
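Review bot: `IsPresentInCurrentContext` dereferences the result of `GetHiddenValue` before testing it, and in this era's V8 API `Object::GetHiddenValue` returns an empty handle (not `undefined`) when nothing is stored under the key — which is precisely the state after the ModuleSystem has been torn down, so the guard added for `Router` in the native_handler.cc hunk would dereference a null handle instead of returning false. Split the call and check the handle first: `v8::Handle<v8::Value> module_system =` `global->GetHiddenValue(v8::String::New(kModuleSystem));` `return !module_system.IsEmpty() && !module_system->IsUndefined();`. The function also creates handles (`Global()`, `String::New`) without a `v8::HandleScope`, unlike `Require` directly below it; that is harmless when called from a V8 callback that already has one, but the header comment in the module_system.h hunk should state that precondition, and that `v8::Context::GetCurrent()` must be non-empty (presumably true for every current caller, but nothing here enforces it).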
@@ -23,6 +24,13 @@ v8::Handle<v8::Object> NativeHandler::NewInstance() {
 // static
 v8::Handle<v8::Value> NativeHandler::Router(const v8::Arguments& args) {
+ // It is possible for JS code to execute after ModuleSystem has been deleted
+ // in which case the native handlers will also have been deleted, making
+ // HandlerFunction below point to freed memory.
+ if (!ModuleSystem::IsPresentInCurrentContext()) {
+ return v8::ThrowException(v8::Exception::Error(
+ v8::String::New("ModuleSystem has been deleted")));
+ }
 HandlerFunction* handler_function = static_cast<HandlerFunction*>(
 args.Data().As<v8::External>()->Value());
 return handler_function->Run(args); |
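Review bot: The new comment describes the symptom (a dangling `HandlerFunction`) but not the invariant that makes this check sufficient: it is only a valid use-after-free guard if the `kModuleSystem` hidden value is removed from the context's global at or before the point where the native handlers are destroyed (presumably in `~ModuleSystem`, which is not in this diff); otherwise there is a window in which the check passes and `args.Data()` still points at freed memory. Suggest extending the comment with `// Relies on ~ModuleSystem removing the kModuleSystem hidden value before the handlers owning HandlerFunction are destroyed.` so that a future change to the teardown order cannot silently break the guard. The closing brace of `Router` is not visible in the hunk.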