[Webkit-unassigned] [Bug 35826] New: crash when makeSuccessCallbacks is called after disconnectFrame
bugzilla-daemon at webkit.org
Sat Mar 6 00:36:53 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=35826
Summary: crash when makeSuccessCallbacks is called after disconnectFrame
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: arno at renevier.net
Hi,
when a request for geolocation permission is emitted, and the document asking for
permission is unloaded, it's possible for the embedder to still call
setIsAllowed (possibly other functions) after the document has been unloaded.
Then, a crash occurs in Geolocation::makeSuccessCallbacks or
Geolocation::handleError.
The crash happens in the copyToVector inline function.
After investigating, I discovered that in this part of copyToVector

    vector.resize(collection.size());
    iterator it = collection.begin();
    iterator end = collection.end();
    for (unsigned i = 0; it != end; ++it, ++i)
        vector[i] = (*it).first;

collection.size() evaluates to 1, but the loop is entered twice; I don't understand
why.
Is it a good idea to have a boolean member m_isDisconnected, set it to false in
disconnectFrame, and check its value at the start of handleError and
makeSuccessCallbacks? Or is there a better solution?
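Added example, not part of the original report and not WebKit code: a simplified model of the guard proposed above, where a late permission answer from the embedder is dropped once the frame has been disconnected. GeolocationModel, addNotifier and the int notifier ids are hypothetical names; the model assumes the object itself is still alive when the embedder calls back, and it marks the flag as set when the frame goes away.

```cpp
#include <functional>
#include <map>
#include <utility>
#include <vector>

// Hypothetical stand-in for a frame-owned object with pending callbacks.
class GeolocationModel {
public:
    using Callback = std::function<void(bool)>;

    int addNotifier(Callback cb) {
        m_notifiers[m_nextId] = std::move(cb);
        return m_nextId++;
    }

    // Called when the owning document is unloaded.
    void disconnectFrame() {
        m_isDisconnected = true;
        m_notifiers.clear();
    }

    // Called by the embedder, possibly after disconnectFrame().
    // Returns the number of callbacks actually invoked.
    int setIsAllowed(bool allowed) {
        if (m_isDisconnected)
            return 0; // late permission answer: nothing left to notify
        // Snapshot the keys first (the copyToVector idea) so a callback
        // that adds or removes notifiers cannot invalidate the iteration.
        std::vector<int> ids;
        for (const auto& entry : m_notifiers)
            ids.push_back(entry.first);
        int invoked = 0;
        for (int id : ids) {
            auto it = m_notifiers.find(id);
            if (it == m_notifiers.end())
                continue; // removed by an earlier callback
            Callback cb = it->second; // copy: cb may erase its own entry
            cb(allowed);
            ++invoked;
        }
        return invoked;
    }

    bool isDisconnected() const { return m_isDisconnected; }

private:
    std::map<int, Callback> m_notifiers;
    int m_nextId = 1;
    bool m_isDisconnected = false;
};
```

The flag only protects against calls on a live object; if the object can be destroyed together with the frame, the embedder's reference to it has to be cleared or kept owning as well.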