[Webkit-unassigned] [Bug 39288] Geolocation causes DOMWindow to leak if position requests are in progress when the page is navigated away

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 27 08:12:09 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=39288

--- Comment #16 from Steve Block <steveblock at google.com>  2010-05-27 08:12:08 PST ---
> If one manages to start a Geolocation after stop(), then we have a security bug
> due to accessing deallocated objects.
I don't think there's any danger of that. Even after stop() has been called and all ongoing requests have been killed, later calls to startRequest() will happily start new requests.

> What exactly creates the circular reference? I think that the proper fix would
> be to avoid having those
On Android I find that if Geolocation requests are ongoing when the tab is closed or navigated away, the Frame is not deleted, so disconnectFrame() is never called. I think this is due to the fact that the Geolocation object holds references to script callbacks and script holds references to the page. You might be right that the correct fix is to avoid these circular refs and to rely on disconnectFrame(). Since the current patch is at least a partial fix and shouldn't introduce any further problems, can't we leave it in until we find a complete fix?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
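The ownership cycle described in the comment above, modelled as an added C++ example (this is constructed illustration code, not WebKit's Geolocation, Frame or Page implementation): a Page owns a Geolocation-like object, each pending request holds a script callback, and the callback captures the Page, so nothing can free the Page until the callbacks are dropped. The hypothetical stop() below stands in for the partial fix the comment discusses: killing in-flight requests releases the callbacks and thereby the back-references to the Page. Names such as PositionRequest, startRequest and navigateAway are assumptions for this model.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

struct Page;

// One in-flight position request, holding the script's success callback.
// (Constructed model; the real object carries more state.)
struct PositionRequest {
    std::function<void(double, double)> successCallback;
};

struct Geolocation {
    std::vector<PositionRequest> pendingRequests;

    // Assumed API: queue a request whose callback will be invoked later.
    void startRequest(std::function<void(double, double)> cb) {
        pendingRequests.push_back({std::move(cb)});
    }

    // Hypothetical stop(): kill every in-flight request. Dropping the callbacks
    // is what breaks the cycle, because the callbacks are what hold the Page.
    void stop() { pendingRequests.clear(); }
};

struct Page {
    std::shared_ptr<Geolocation> geolocation = std::make_shared<Geolocation>();
    double lastLat = 0.0;
    double lastLon = 0.0;
};

// Simulates: the page starts a position request, then the frame navigates
// away and releases its own reference. Returns true if the Page was actually
// freed, false if the Geolocation -> callback -> Page cycle kept it alive.
bool navigateAway(bool callStopFirst) {
    std::weak_ptr<Page> observer;  // watches the Page without owning it
    {
        auto page = std::make_shared<Page>();
        observer = page;

        // The script callback captures the page, as a JS closure captures window.
        page->geolocation->startRequest([page](double lat, double lon) {
            page->lastLat = lat;
            page->lastLon = lon;
        });

        if (callStopFirst)
            page->geolocation->stop();

        // `page` leaves scope here: the frame's own reference is gone.
    }
    return observer.expired();
}

int main() {
    std::printf("without stop(): page freed = %s\n", navigateAway(false) ? "yes" : "no");
    std::printf("with stop():    page freed = %s\n", navigateAway(true) ? "yes" : "no");
    return 0;
}
```

Without stop() the weak_ptr never expires, which is the leak the bug reports; with stop() the callbacks are released first and the Page is destroyed as soon as the frame drops it. The model also shows why the comment calls the patch partial: the cycle still exists whenever a request is pending and stop() has not run, which is what an approach that avoids the circular references altogether would remove.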