Fix Monkey crash in V8AbstractEventListener

Monkey can trigger a situation such that script can execute while
the frame is detached. Not clear if this can be triggered in
normal usage, but the fix is simple enough.

Bug: 5201341
Change-Id: Id5701cc0947e30103f9168cf43fcb164c0fe8356

diff --git a/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp b/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp
index 90dc097..0de99f8 100644 (file)
--- a/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp
+++ b/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp
@@ -72,6 +72,14 @@ V8AbstractEventListener::~V8AbstractEventListener()
 
 void V8AbstractEventListener::handleEvent(ScriptExecutionContext* context, Event* event)
 {
+#ifdef ANDROID
+    // Monkey data shows that we can crash here, due to script executing while the
+    // page's frame has been detached (in the middle of a navigation).
+    // See b/5201341
+    if (!context)
+        return;
+#endif
+
     // Don't reenter V8 if execution was terminated in this instance of V8.
     if (context->isJSExecutionForbidden())
         return;