Diff
Modified: trunk/LayoutTests/ChangeLog (90913 => 90914)
--- trunk/LayoutTests/ChangeLog 2011-07-13 14:02:25 UTC (rev 90913)
+++ trunk/LayoutTests/ChangeLog 2011-07-13 14:11:14 UTC (rev 90914)
@@ -1,3 +1,17 @@
+2011-07-13 John Knottenbelt <[email protected]>
+
+ Reference Geolocation object from GeoNotifier and Geolocation::setIsAllowed.
+ https://bugs.webkit.org/show_bug.cgi?id=64363
+
+ Reviewed by Tony Gentilcore.
+
+ * fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html: Added.
+ * fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html: Added.
+ * fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js: Added.
+ * fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt: Added.
+ (gc):
+ (onIframeReady):
+
2011-07-13 Csaba Osztrogonác <[email protected]>
[Qt] Unreviewed gardening.
Added: trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt (0 => 90914)
--- trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt 2011-07-13 14:11:14 UTC (rev 90914)
@@ -0,0 +1,10 @@
+Tests that we do not crash when a Geolocation request is made from a remote frame, which is then removed from the DOM in the error callback.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Error callback invoked.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html (0 => 90914)
--- trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html (rev 0)
+++ trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html 2011-07-13 14:11:14 UTC (rev 90914)
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href=""
+<script src=""
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src=""
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html (0 => 90914)
--- trunk/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html (rev 0)
+++ trunk/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html 2011-07-13 14:11:14 UTC (rev 90914)
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+ <head>
+ <script>
+ function init() {
+ if (window.layoutTestController)
+ layoutTestController.setGeolocationPermission(false);
+ window.parent.onIframeReady()
+ }
+ </script>
+ </head>
+ <body _onload_="init()">
+ </body>
+</html>
Added: trunk/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js (0 => 90914)
--- trunk/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js (rev 0)
+++ trunk/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js 2011-07-13 14:11:14 UTC (rev 90914)
@@ -0,0 +1,31 @@
+description("Tests that we do not crash when a Geolocation request is made from a remote frame, which is then removed from the DOM in the error callback.");
+
+function gc() {
+ if (window.GCController) {
+ GCController.collect();
+ return;
+ }
+
+ for (var i = 0; i < 10000; i++)
+ new String(i);
+}
+
+function onIframeReady() {
+ // Make request from remote frame
+ iframe.contentWindow.navigator.geolocation.getCurrentPosition(function() {
+ testFailed('Success callback invoked unexpectedly');
+ finishJSTest();
+ }, function() {
+ testPassed('Error callback invoked.');
+ document.body.removeChild(iframe);
+ gc();
+ finishJSTest();
+ });
+}
+
+var iframe = document.createElement('iframe');
+iframe.src = '';
+document.body.appendChild(iframe);
+
+window.jsTestIsAsync = true;
+window.successfullyParsed = true;
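Review bot: The `gc()` fallback loop (`new String(i)` 10000 times) does not guarantee a collection, so when `window.GCController` is absent the error callback can finish without the removed frame's Geolocation object ever being freed. In that case the test reports PASS without exercising the lifetime bug it is meant to guard. I would say so above the helper, e.g. `// Best effort only: without GCController a collection is not guaranteed, so a PASS here does not prove the object survived.` The error callback also ignores its argument; a check that the error is the permission-denied one, made before `removeChild`, would tie the pass to the `setGeolocationPermission(false)` path set up in the inner frame.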
Modified: trunk/Source/WebCore/ChangeLog (90913 => 90914)
--- trunk/Source/WebCore/ChangeLog 2011-07-13 14:02:25 UTC (rev 90913)
+++ trunk/Source/WebCore/ChangeLog 2011-07-13 14:11:14 UTC (rev 90914)
@@ -1,3 +1,16 @@
+2011-07-13 John Knottenbelt <[email protected]>
+
+ Reference Geolocation object from GeoNotifier and Geolocation::setIsAllowed.
+ https://bugs.webkit.org/show_bug.cgi?id=64363
+
+ Reviewed by Tony Gentilcore.
+
+ Test: fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html
+
+ * page/Geolocation.cpp:
+ (WebCore::Geolocation::setIsAllowed):
+ * page/Geolocation.h:
+
2011-07-13 Vsevolod Vlasov <[email protected]>
Web Inspector: Network panel search needs each resource to have unique identifier.
Modified: trunk/Source/WebCore/page/Geolocation.cpp (90913 => 90914)
--- trunk/Source/WebCore/page/Geolocation.cpp 2011-07-13 14:02:25 UTC (rev 90913)
+++ trunk/Source/WebCore/page/Geolocation.cpp 2011-07-13 14:11:14 UTC (rev 90914)
@@ -442,6 +442,9 @@
void Geolocation::setIsAllowed(bool allowed)
{
+ // Protect the Geolocation object from garbage collection during a callback.
+ RefPtr<Geolocation> protect(this);
+
// This may be due to either a new position from the service, or a cached
// position.
m_allowGeolocation = allowed ? Yes : No;
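Review bot: The new comment on `protect` in `setIsAllowed` says "garbage collection during a callback" but does not say which callback or how the object can die, which is what the next reader needs in order to judge whether the guard is still required. Something like `// A success or error callback dispatched below may remove the owning frame and drop the last reference to this object; keep it alive until we return.` would record that. The rest of the function is outside this hunk, so I cannot see the dispatch sites. It is worth confirming that any other Geolocation method that runs script callbacks and then touches members holds the same kind of protector.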
Modified: trunk/Source/WebCore/page/Geolocation.h (90913 => 90914)
--- trunk/Source/WebCore/page/Geolocation.h 2011-07-13 14:02:25 UTC (rev 90913)
+++ trunk/Source/WebCore/page/Geolocation.h 2011-07-13 14:11:14 UTC (rev 90914)
@@ -100,7 +100,7 @@
void startTimerIfNeeded();
void timerFired(Timer<GeoNotifier>*);
- Geolocation* m_geolocation;
+ RefPtr<Geolocation> m_geolocation;
RefPtr<PositionCallback> m_successCallback;
RefPtr<PositionErrorCallback> m_errorCallback;
RefPtr<PositionOptions> m_options;
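Review bot: Changing `m_geolocation` to `RefPtr<Geolocation>` makes each GeoNotifier a strong owner of its Geolocation, and nothing in this hunk says when that reference is released. If Geolocation also holds its notifiers by `RefPtr` (not visible here), the two form a reference cycle. The Geolocation would then outlive its frame until every pending notifier is explicitly cleared. A comment on the member would record the contract, e.g. `// Strong reference: keeps the Geolocation alive while this request is pending; the notifier must be dropped when the request completes or the frame goes away.` The enclosing class starts and ends outside the hunk, so the release path should be checked against the code that removes notifiers.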