Commit 52ca7c02 authored by steveblock@google.com

2010-08-13 Steve Block <steveblock@google.com>

        Reviewed by Alexey Proskuryakov.

        Geolocation activity started after frame has been disconnected can cause crash
        https://bugs.webkit.org/show_bug.cgi?id=39879

        New requests started after the Frame has been disconnected are ignored. We do
        not invoke the error callback as this would allow buggy or malicious pages to
        hose the CPU. Such a page could hold a reference to a Geolocation object from
        a since closed Page and register new requests from the error callback to
        create an infinite loop.

        Tests: fast/dom/Geolocation/disconnected-frame-already.html

        * page/Geolocation.cpp:
2010-08-13  Steve Block  <steveblock@google.com>

        Reviewed by Alexey Proskuryakov.

        Geolocation activity started after frame has been disconnected can cause crash
        https://bugs.webkit.org/show_bug.cgi?id=39879

        Added new tests to GTK skipped list.

        * fast/dom/Geolocation/disconnected-frame-already.html: Added.
        * fast/dom/Geolocation/disconnected-frame-already-expected.txt: Added.
        * fast/dom/Geolocation/script-tests/disconnected-frame-already.js: Added.
        * fast/dom/Geolocation/resources/disconnected-frame-already-inner1.html: Added.
        * fast/dom/Geolocation/resources/disconnected-frame-already-inner2.html: Added.
        * platform/gtk/Skipped:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65329 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent fe170308
2010-08-13 Steve Block <steveblock@google.com>
Reviewed by Alexey Proskuryakov.
Geolocation activity started after frame has been disconnected can cause crash
https://bugs.webkit.org/show_bug.cgi?id=39879
Added new tests to GTK skipped list.
* fast/dom/Geolocation/disconnected-frame-already.html: Added.
* fast/dom/Geolocation/disconnected-frame-already-expected.txt: Added.
* fast/dom/Geolocation/script-tests/disconnected-frame-already.js: Added.
* fast/dom/Geolocation/resources/disconnected-frame-already-inner1.html: Added.
* fast/dom/Geolocation/resources/disconnected-frame-already-inner2.html: Added.
* platform/gtk/Skipped:
2010-08-13 Ariya Hidayat <ariya@sencha.com>
Rubber-stamped by Simon Hausmann.
Tests that when a request is made on a Geolocation object after its frame has been disconnected, no callbacks are made and no crash occurs.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Method called on Geolocation object with disconnected Frame.
PASS successfullyParsed is true
TEST COMPLETE
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<link rel="stylesheet" href="../../js/resources/js-test-style.css">
<script src="../../js/resources/js-test-pre.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>
<script src="script-tests/disconnected-frame-already.js"></script>
<script src="../../js/resources/js-test-post.js"></script>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
</head>
<body onload="window.parent.onFirstIframeLoaded()">
<p>This frame should be replaced before the test ends</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
</head>
<body onload="window.parent.onSecondIframeLoaded()">
<p>This frame should be visible when the test completes</p>
</body>
</html>
description("Tests that when a request is made on a Geolocation object after its frame has been disconnected, no callbacks are made and no crash occurs.");
if (window.layoutTestController) {
layoutTestController.setGeolocationPermission(true);
layoutTestController.setMockGeolocationPosition(51.478, -0.166, 100);
}
function onFirstIframeLoaded() {
iframeGeolocation = iframe.contentWindow.navigator.geolocation;
iframe.src = 'resources/disconnected-frame-already-inner2.html';
}
var error;
function onSecondIframeLoaded() {
iframeGeolocation.getCurrentPosition(function () {
testFailed('Success callback invoked unexpectedly');
finishJSTest();
}, function(e) {
testFailed('Error callback invoked unexpectedly');
finishJSTest();
});
setTimeout(finishTest, 1000);
}
function finishTest() {
debug('Method called on Geolocation object with disconnected Frame.');
finishJSTest();
}
var iframe = document.createElement('iframe');
iframe.src = 'resources/disconnected-frame-already-inner1.html';
document.body.appendChild(iframe);
window.jsTestIsAsync = true;
window.successfullyParsed = true;
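Review bot: onSecondIframeLoaded() exercises only getCurrentPosition(), while the patch adds the same !m_frame guard to watchPosition(); a watchPosition() call on iframeGeolocation with the same failing callbacks would cover both entry points. Two smaller points in the same file: iframeGeolocation is assigned in onFirstIframeLoaded() without a declaration, and `var error;` is never used, so declare the former next to `var iframe` and drop the latter. The absence of callbacks is established only by the 1000 ms setTimeout, which is worth a comment saying the delay is a deliberate wait for callbacks that must not arrive.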
......@@ -5677,6 +5677,7 @@ storage/indexeddb
fast/dom/Geolocation/callback-to-remote-context.html
fast/dom/Geolocation/callback-to-remote-context2.html
fast/dom/Geolocation/callback-to-deleted-context.html
fast/dom/Geolocation/disconnected-frame-already.html
# GTK+ theme-rendered widgets do not support CSS transforms
# https://bugs.webkit.org/show_bug.cgi?id=40139
......
2010-08-13 Steve Block <steveblock@google.com>
Reviewed by Alexey Proskuryakov.
Geolocation activity started after frame has been disconnected can cause crash
https://bugs.webkit.org/show_bug.cgi?id=39879
New requests started after the Frame has been disconnected are ignored. We do
not invoke the error callback as this would allow buggy or malicious pages to
hose the CPU. Such a page could hold a reference to a Geolocation object from
a since closed Page and register new requests from the error callback to
create an infinite loop.
Tests: fast/dom/Geolocation/disconnected-frame-already.html
* page/Geolocation.cpp:
2010-08-13 Satish Sampath <satish@chromium.org>
Reviewed by Jeremy Orlow.
......@@ -249,6 +249,9 @@ Geoposition* Geolocation::lastPosition()
void Geolocation::getCurrentPosition(PassRefPtr<PositionCallback> successCallback, PassRefPtr<PositionErrorCallback> errorCallback, PassRefPtr<PositionOptions> options)
{
if (!m_frame)
return;
RefPtr<GeoNotifier> notifier = startRequest(successCallback, errorCallback, options);
ASSERT(notifier);
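Review bot: The new `if (!m_frame) return;` at the top of getCurrentPosition() drops the request silently, and nothing in the code says why. The ChangeLog gives the reason (invoking the error callback would let a page register new requests from it in a loop), but someone reading Geolocation.cpp alone could take the missing error callback for an oversight and add it back. A short comment above the check stating that the callback is intentionally not invoked would keep that reasoning with the code.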
......@@ -257,6 +260,9 @@ void Geolocation::getCurrentPosition(PassRefPtr<PositionCallback> successCallbac
int Geolocation::watchPosition(PassRefPtr<PositionCallback> successCallback, PassRefPtr<PositionErrorCallback> errorCallback, PassRefPtr<PositionOptions> options)
{
if (!m_frame)
return 0;
RefPtr<GeoNotifier> notifier = startRequest(successCallback, errorCallback, options);
ASSERT(notifier);
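Review bot: In watchPosition() the disconnected-frame path uses `return 0;`, and the hunk does not show whether 0 can also be handed out as a real watch ID by the normal path. If it can, a page that passes this value to clearWatch() would cancel an unrelated watcher; please confirm 0 is reserved as "no watch" and say so in a comment next to the return, alongside the reason the error callback is not invoked here.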
......