Diff
Modified: branches/safari-534.51-branch/LayoutTests/ChangeLog (91588 => 91589)
--- branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-07-22 19:21:09 UTC (rev 91588)
+++ branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-07-22 19:23:43 UTC (rev 91589)
@@ -1,5 +1,23 @@
2011-07-22 Lucas Forschler <lforsch...@apple.com>
+ Merged 90914.
+
+ 2011-07-13 John Knottenbelt <jknot...@chromium.org>
+
+ Reference Geolocation object from GeoNotifier and Geolocation::setIsAllowed.
+ https://bugs.webkit.org/show_bug.cgi?id=64363
+
+ Reviewed by Tony Gentilcore.
+
+ * fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html: Added.
+ * fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html: Added.
+ * fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js: Added.
+ * fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt: Added.
+ (gc):
+ (onIframeReady):
+
+2011-07-22 Lucas Forschler <lforsch...@apple.com>
+
Merged 90573.
2011-07-07 Dan Bernstein <m...@apple.com>
Copied: branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt (from rev 90914, trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt) (0 => 91589)
--- branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt 2011-07-22 19:23:43 UTC (rev 91589)
@@ -0,0 +1,10 @@
+Tests that we do not crash when a Geolocation request is made from a remote frame, which is then removed from the DOM in the error callback.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Error callback invoked.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Copied: branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html (from rev 90914, trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html) (0 => 91589)
--- branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html 2011-07-22 19:23:43 UTC (rev 91589)
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href=""
+<script src=""
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src=""
+<script src=""
+</body>
+</html>
Copied: branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html (from rev 90914, trunk/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html) (0 => 91589)
--- branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html 2011-07-22 19:23:43 UTC (rev 91589)
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+ <head>
+ <script>
+ function init() {
+ if (window.layoutTestController)
+ layoutTestController.setGeolocationPermission(false);
+ window.parent.onIframeReady()
+ }
+ </script>
+ </head>
+ <body _onload_="init()">
+ </body>
+</html>
Copied: branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js (from rev 90914, trunk/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js) (0 => 91589)
--- branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js 2011-07-22 19:23:43 UTC (rev 91589)
@@ -0,0 +1,31 @@
+description("Tests that we do not crash when a Geolocation request is made from a remote frame, which is then removed from the DOM in the error callback.");
+
+function gc() {
+ if (window.GCController) {
+ GCController.collect();
+ return;
+ }
+
+ for (var i = 0; i < 10000; i++)
+ new String(i);
+}
+
+function onIframeReady() {
+ // Make request from remote frame
+ iframe.contentWindow.navigator.geolocation.getCurrentPosition(function() {
+ testFailed('Success callback invoked unexpectedly');
+ finishJSTest();
+ }, function() {
+ testPassed('Error callback invoked.');
+ document.body.removeChild(iframe);
+ gc();
+ finishJSTest();
+ });
+}
+
+var iframe = document.createElement('iframe');
+iframe.src = '';
+document.body.appendChild(iframe);
+
+window.jsTestIsAsync = true;
+window.successfullyParsed = true;
Modified: branches/safari-534.51-branch/Source/WebCore/ChangeLog (91588 => 91589)
--- branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-07-22 19:21:09 UTC (rev 91588)
+++ branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-07-22 19:23:43 UTC (rev 91589)
@@ -1,5 +1,22 @@
2011-07-22 Lucas Forschler <lforsch...@apple.com>
+ Merged 90914.
+
+ 2011-07-13 John Knottenbelt <jknot...@chromium.org>
+
+ Reference Geolocation object from GeoNotifier and Geolocation::setIsAllowed.
+ https://bugs.webkit.org/show_bug.cgi?id=64363
+
+ Reviewed by Tony Gentilcore.
+
+ Test: fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html
+
+ * page/Geolocation.cpp:
+ (WebCore::Geolocation::setIsAllowed):
+ * page/Geolocation.h:
+
+2011-07-22 Lucas Forschler <lforsch...@apple.com>
+
Merged 90797.
2011-07-11 Jer Noble <jer.no...@apple.com>
Modified: branches/safari-534.51-branch/Source/WebCore/page/Geolocation.cpp (91588 => 91589)
--- branches/safari-534.51-branch/Source/WebCore/page/Geolocation.cpp 2011-07-22 19:21:09 UTC (rev 91588)
+++ branches/safari-534.51-branch/Source/WebCore/page/Geolocation.cpp 2011-07-22 19:23:43 UTC (rev 91589)
@@ -442,6 +442,9 @@
void Geolocation::setIsAllowed(bool allowed)
{
+ // Protect the Geolocation object from garbage collection during a callback.
+ RefPtr<Geolocation> protect(this);
+
// This may be due to either a new position from the service, or a cached
// position.
m_allowGeolocation = allowed ? Yes : No;
Modified: branches/safari-534.51-branch/Source/WebCore/page/Geolocation.h (91588 => 91589)
--- branches/safari-534.51-branch/Source/WebCore/page/Geolocation.h 2011-07-22 19:21:09 UTC (rev 91588)
+++ branches/safari-534.51-branch/Source/WebCore/page/Geolocation.h 2011-07-22 19:23:43 UTC (rev 91589)
@@ -100,7 +100,7 @@
void startTimerIfNeeded();
void timerFired(Timer<GeoNotifier>*);
- Geolocation* m_geolocation;
+ RefPtr<Geolocation> m_geolocation;
RefPtr<PositionCallback> m_successCallback;
RefPtr<PositionErrorCallback> m_errorCallback;
RefPtr<PositionOptions> m_options;