[Webkit-unassigned] [Bug 39879] New: Geolocation activity started after frame has been disconnected can cause crash
bugzilla-daemon at webkit.org
Fri May 28 09:19:34 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=39879
Summary: Geolocation activity started after frame has been disconnected can cause crash
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: steveblock at google.com
CC: ap at webkit.org, bulach at chromium.org
Bug 39388 addressed the case where Geolocation requests are ongoing when the Frame is disconnected. The ongoing requests must be stopped to prevent them making callbacks after the Frame and Document are gone, as this can cause a crash in the bindings.
However, a crash is still possible if new Geolocation requests are started after the Frame has been disconnected. This can be the case if a same-origin frame holds a reference to the Geolocation object after its owning Frame has gone. This has been discussed in Bug 39288.
I have a test case and fix and will upload them shortly.