Title: [129278] trunk
Revision: 129278
Author: [email protected]
Date: 2012-09-21 17:13:14 -0700 (Fri, 21 Sep 2012)

Log Message

fast/dom/Geolocation/disconnected-frame.html test asserts
https://bugs.webkit.org/show_bug.cgi?id=97376

Patch by Benjamin Poulain <[email protected]> on 2012-09-21
Reviewed by Alexey Proskuryakov.

Source/WebKit2: 

In GeolocationPermissionRequestManager::cancelRequestForGeolocation, we access an iterator
after its value has been removed from the table.
There are two problems with that:
- The iterator is no longer valid after the container has been modified.
- If it was the last element, the table has been freed and the iterator points to deleted memory.

We solve the issue by keeping a copy of the ID. We could have inverted the order of the calls
but that would make the issue less visible for future change.

Testing covered by fast/dom/Geolocation/disconnected-frame.html.

* WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp:
(WebKit::GeolocationPermissionRequestManager::cancelRequestForGeolocation):

LayoutTests: 

* platform/wk2/Skipped:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (129277 => 129278)


--- trunk/LayoutTests/ChangeLog	2012-09-21 23:58:16 UTC (rev 129277)
+++ trunk/LayoutTests/ChangeLog	2012-09-22 00:13:14 UTC (rev 129278)
@@ -1,3 +1,12 @@
+2012-09-21  Benjamin Poulain  <[email protected]>
+
+        fast/dom/Geolocation/disconnected-frame.html test asserts
+        https://bugs.webkit.org/show_bug.cgi?id=97376
+
+        Reviewed by Alexey Proskuryakov.
+
+        * platform/wk2/Skipped:
+
 2012-09-21  Roger Fong  <[email protected]>
 
         Unreviewed. Fix Windows specific accessibility test results. 

Modified: trunk/LayoutTests/platform/wk2/Skipped (129277 => 129278)


--- trunk/LayoutTests/platform/wk2/Skipped	2012-09-21 23:58:16 UTC (rev 129277)
+++ trunk/LayoutTests/platform/wk2/Skipped	2012-09-22 00:13:14 UTC (rev 129278)
@@ -294,7 +294,6 @@
 fast/dom/Geolocation/delayed-permission-allowed.html
 fast/dom/Geolocation/delayed-permission-denied-for-multiple-requests.html
 fast/dom/Geolocation/delayed-permission-denied.html
-fast/dom/Geolocation/disconnected-frame.html
 fast/dom/Geolocation/error-clear-watch.html
 fast/dom/Geolocation/error.html
 fast/dom/Geolocation/maximum-age.html
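
Review bot: Removing `fast/dom/Geolocation/disconnected-frame.html` from the wk2 Skipped list makes that test the only regression coverage for the fix, and the log describes the original failure as the test asserting. Please confirm the test now passes on an assertion-enabled wk2 configuration, since a read through a stale iterator may not fail visibly in a build without those checks.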

Modified: trunk/Source/WebKit2/ChangeLog (129277 => 129278)


--- trunk/Source/WebKit2/ChangeLog	2012-09-21 23:58:16 UTC (rev 129277)
+++ trunk/Source/WebKit2/ChangeLog	2012-09-22 00:13:14 UTC (rev 129278)
@@ -1,3 +1,24 @@
+2012-09-21  Benjamin Poulain  <[email protected]>
+
+        fast/dom/Geolocation/disconnected-frame.html test asserts
+        https://bugs.webkit.org/show_bug.cgi?id=97376
+
+        Reviewed by Alexey Proskuryakov.
+
+        In GeolocationPermissionRequestManager::cancelRequestForGeolocation, we access an iterator
+        after its value has been removed from the table.
+        There are two problems with that:
+        -The iterator is no longer valid after the container has been modified.
+        -If it was the last element, the table has been freed and the iterator points to deleted memory.
+
+        We solve the issue by keeping a copy of the ID. We could have inverted the order of the calls
+        but that would make the issue less visible for future change.
+
+        Testing covered by fast/dom/Geolocation/disconnected-frame.html.
+
+        * WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp:
+        (WebKit::GeolocationPermissionRequestManager::cancelRequestForGeolocation):
+
 2012-09-21  Sam Weinig  <[email protected]>
 
         REGRESSION (r120361) Warnings while preprocessing com.apple.WebProcess.sb.in

Modified: trunk/Source/WebKit2/WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp (129277 => 129278)


--- trunk/Source/WebKit2/WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp	2012-09-21 23:58:16 UTC (rev 129277)
+++ trunk/Source/WebKit2/WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp	2012-09-22 00:13:14 UTC (rev 129278)
@@ -73,8 +73,9 @@
     if (it == m_geolocationToIDMap.end())
         return;
 
+    uint64_t geolocationID = it->second;
     m_geolocationToIDMap.remove(it);
-    m_idToGeolocationMap.remove(it->second);
+    m_idToGeolocationMap.remove(geolocationID);
 }
 
 void GeolocationPermissionRequestManager::didReceiveGeolocationPermissionDecision(uint64_t geolocationID, bool allowed)
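
Review bot: Nothing at `uint64_t geolocationID = it->second;` says why the copy has to be taken before `m_geolocationToIDMap.remove(it)`, so a later cleanup could fold it back into `m_idToGeolocationMap.remove(it->second)` and reintroduce the read through an invalidated iterator. The ChangeLog carries the reasoning, but a one-line comment above the copy stating that `it` must not be used once the entry has been removed would keep it next to the code. It is also worth checking whether `didReceiveGeolocationPermissionDecision`, which follows, removes from the two maps in an order that has the same problem.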
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
