[Webkit-unassigned] [Bug 39879] Geolocation activity started after frame has been disconnected can cause crash

bugzilla-daemon at webkit.org
Wed Jun 2 11:04:45 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=39879


Steve Block <steveblock at google.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |40071




--- Comment #10 from Steve Block <steveblock at google.com>  2010-06-02 11:04:43 PST ---
> In fact, is there a more general problem here? Is it ever safe for Geolocation
> to allow callbacks to the script context of another frame, for these reasons?
I've looked into this and, yes, this is dangerous. I have a test case where frame A calls a method on frame B's Geolocation object, then frame A's script execution context gets torn down before frame B's Geolocation object makes the callback, causing a crash.

It seems like the right fix is for the Geolocation object to hold a weak pointer to the script context associated with each method call. Callbacks are then made in this context, checking for existence of the context first.

andreip and jorlow have run into exactly the same problem when implementing IndexedDB. They're implementing the weak pointer for the script context in Bug 40071.

Note that this crash doesn't occur with the Database callbacks because the Database object holds a RefPtr to the script context of its owning frame and makes callbacks in this context. This seems wrong for two reasons ...
- Callbacks are made in the context of the frame owning the Database, not the frame from which the Database method was invoked.
- Objects should not hold onto the script context. See https://bugs.webkit.org/show_bug.cgi?id=39388#c6

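The pattern described in Comment #10, as an added example that is not part of the original message and is not WebKit code: a per-request weak reference to the calling script context, checked before each callback. `ScriptContext`, `LocationService` and the sample position string are hypothetical names, and `std::weak_ptr` stands in for whatever weak-pointer mechanism Bug 40071 provides.

```cpp
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for a frame's script execution context.
struct ScriptContext {
    std::string frameName;
    std::vector<std::string> delivered;  // callbacks that ran in this context
};

// Hypothetical stand-in for a Geolocation-like object owned by one frame.
class LocationService {
public:
    // Remember the *calling* context weakly, once per method call, so the
    // service neither keeps that context alive nor touches it after teardown.
    void requestPosition(const std::shared_ptr<ScriptContext>& caller) {
        pending_.emplace_back(caller);  // stored as std::weak_ptr
    }

    // Deliver a position to every pending request; returns how many callbacks ran.
    int positionAvailable(const std::string& position) {
        int ran = 0;
        for (auto& weak : pending_) {
            // lock() returns null once the context has been destroyed, so a
            // request from a disconnected frame is dropped instead of crashing.
            if (auto context = weak.lock()) {
                context->delivered.push_back(position);
                ++ran;
            }
        }
        pending_.clear();
        return ran;
    }

private:
    std::vector<std::weak_ptr<ScriptContext>> pending_;
};

// Constructed scenario: frames A and B both call frame B's object, then frame
// A's context is torn down before the callback is made.
int callbacksAfterCallerTeardown() {
    LocationService frameBService;
    auto frameA = std::make_shared<ScriptContext>();
    auto frameB = std::make_shared<ScriptContext>();
    frameBService.requestPosition(frameA);
    frameBService.requestPosition(frameB);
    frameA.reset();  // frame A disconnected; its context is gone
    return frameBService.positionAvailable("constructed-position");
}

int main() { return callbacksAfterCallerTeardown() == 1 ? 0 : 1; }
```

Because the service holds only weak references, it also avoids the second objection raised against the Database approach: it does not extend the lifetime of any script context.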