[Webkit-unassigned] [Bug 39879] Geolocation activity started after frame has been disconnected can cause crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 1 15:39:36 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=39879





--- Comment #8 from Steve Block <steveblock at google.com>  2010-06-01 15:39:35 PST ---
> > We can't make any callbacks to script so this seems like the only sensible fix.
> I don’t understand. If a script is already running and called us, how could a
> callback in the same context be a problem?
If I understand things correctly, making these callbacks would cause the problems that Bug 39388 tried to fix. (That is, callbacks made after the document has been deleted cause crashes in the bindings after http://trac.webkit.org/changeset/59866). The Geolocation object can't know when the document is deleted in the frame from which the call is made, if that frame is not its owning frame. So the Geolocation object may try to call back to the script context after its document is deleted, causing the crash.

In fact, is there a more general problem here? Is it ever safe for Geolocation to allow callbacks to the script context of another frame, for these reasons?

> > Also, I've added the helper HTML files for the new test to 'script-tests'. Is this
> > correct, or should I create a new 'resources' directory?
> resources
Will do


