[Webkit-unassigned] [Bug 80386] New: Assert in checkValidity() in hashtable.h from WebGeolocationManager::didFailToDeterminePosition() when fetching http://html5demos.com/geo

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 5 23:30:22 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=80386

           Summary: Assert in checkValidity() in hashtable.h from
                    WebGeolocationManager::didFailToDeterminePosition()
                    when fetching http://html5demos.com/geo
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
               URL: http://html5demos.com/geo
        OS/Version: Windows 7
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P1
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: arpitabahuguna at gmail.com
                CC: arpitabahuguna at gmail.com


Steps to reproduce:
Fetch http://html5demo.com/geo and click on "allow" for the "...would like to use your current location" pop-up.
Assert occurs.

Occurs on:
Windows port revision 103931 (debug build)
Mac port revision 108935 (debug build)

Additional information:
This assert occurs with the CLIENT_BASED_GEOLOCATION flag enabled.
A simple navigator.geolocation.getCurrentPosition() request is made from the page for which the platform returns a position error.

When handling the didFailToDeterminePosition error, the WebGeolocationManager tries to set the error on to the observers for each registered page (WebPage). For doing the same it iterates over the hashset of the registered WebPages.

While setting the error internally Geolocation::handleError() is called wherein stopUpdating() gets called (since no more listeners are available).
stopUpdating() will remove the corresponding observer but since in this particular case no more observers are present, the client's stopUpdating() function is invoked.
WebGeolocationManager un-registers the WebPage (for which it had set the error) from its hashset, even while iterating through it, causing the hashset to become empty.

Next, when we try to increment in the for loop, the assert occurs during the checkValidity() in hashset.h called from the overloaded pre increment operator's implementation.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list