[Webkit-unassigned] [Bug 39879] New: Geolocation activity started after frame has been disconnected can cause crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 28 09:19:34 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=39879

           Summary: Geolocation activity started after frame has been
                    disconnected can cause crash
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: steveblock at google.com
                CC: ap at webkit.org, bulach at chromium.org


Bug 39388 addressed the case where Geolocation requests are ongoing when the Frame is disconnected. The ongoing requests must be stopped to prevent them making callbacks after the Frame and Document are gone, as this can cause a crash in the bindings.

However, a crash is still possible if new Geolocation requests are started after the Frame has been disconnected. This can be the case if a same-origin frame holds a reference to the Geolocation object after its owning Frame has gone. This has been discussed in Bug 39288.

I have a test case and fix and will upload them shortly.
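The lifetime problem described in this report, as an added illustrative model that is not WebKit source: a hypothetical, simplified Geolocation object that can outlive its Frame, showing both the Bug 39388 behaviour (in-flight requests dropped on disconnect) and the guard this report asks for (new requests refused once the Frame is gone). All type and method names below are assumptions, not WebCore's.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Simplified, hypothetical model of the Frame/Geolocation lifetime (not WebKit
// source): the Geolocation object may outlive the Frame that created it.
struct Frame;

struct Geolocation {
    using Callback = std::function<void(double, double)>;
    explicit Geolocation(Frame* frame) : m_frame(frame) {}
    // Called when the owning Frame is disconnected (the Bug 39388 behaviour):
    // drop in-flight requests and clear the back-pointer to the Frame.
    void disconnectFrame() { m_pending.clear(); m_frame = nullptr; }
    // Start a new request. Refuses (returns false) once the Frame is gone,
    // so no callback can later run against a destroyed Frame/Document.
    bool getCurrentPosition(Callback callback) {
        if (!m_frame)
            return false;
        m_pending.push_back(std::move(callback));
        return true;
    }
    // Simulated position arrival; returns how many callbacks were invoked.
    size_t deliverPosition(double lat, double lng) {
        auto callbacks = std::move(m_pending);
        m_pending.clear();
        for (auto& cb : callbacks) cb(lat, lng);
        return callbacks.size();
    }

    Frame* m_frame;
    std::vector<Callback> m_pending;
};

struct Frame {
    Frame() : geolocation(std::make_shared<Geolocation>(this)) {}
    ~Frame() { geolocation->disconnectFrame(); }  // disconnect on teardown
    std::shared_ptr<Geolocation> geolocation;     // another frame may share it
};

// A request started before disconnect is dropped; one started after is refused.
bool requestsAfterDisconnectAreSafe() {
    auto frame = std::make_unique<Frame>();
    std::shared_ptr<Geolocation> geo = frame->geolocation;  // held elsewhere
    bool before = geo->getCurrentPosition([](double, double) {});
    frame.reset();                                           // Frame destroyed
    bool after = geo->getCurrentPosition([](double, double) {});
    return before && !after && geo->deliverPosition(1.0, 2.0) == 0;
}
```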
