Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1318)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/renderer/v8_value_converter_impl.cc

Issue 10837066: Fixing crash in V8ValueConverter. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: No getters Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/test/data/extensions/api_test/executescript/callback/test.js ('k') | content/renderer/v8_value_converter_impl_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/renderer/v8_value_converter_impl.cc
diff --git a/content/renderer/v8_value_converter_impl.cc b/content/renderer/v8_value_converter_impl.cc
index f1cda8213e911843c8eaea9aba95cfc2c996a410..4192ec8e4a70c46707d286ec09881e44a3da1321 100644
--- a/content/renderer/v8_value_converter_impl.cc
+++ b/content/renderer/v8_value_converter_impl.cc
@@ -311,7 +311,16 @@ Value* V8ValueConverterImpl::FromV8Object(
for (uint32 i = 0; i < property_names->Length(); ++i) {
v8::Handle<v8::Value> key(property_names->Get(i));
- if (!key->IsString() || !val->HasRealNamedProperty(key->ToString()))
+ // base::DictionaryValue can only have string properties.
+ if (!key->IsString())
+ continue;
+
+ // Ensure that the property actually exists.
+ if (!val->HasRealNamedProperty(key->ToString()))
+ continue;
+
+ // Skip all callbacks: crbug.com/139933
+ if (val->HasRealNamedCallbackProperty(key->ToString()))
continue;
v8::String::Utf8Value name_utf8(key->ToString());
« no previous file with comments | « chrome/test/data/extensions/api_test/executescript/callback/test.js ('k') | content/renderer/v8_value_converter_impl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698