fast/dom/Geolocation/disconnected-frame.html test asserts
authorbenjamin@webkit.org <benjamin@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 22 Sep 2012 00:13:14 +0000 (00:13 +0000)
committerbenjamin@webkit.org <benjamin@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 22 Sep 2012 00:13:14 +0000 (00:13 +0000)
commit9aa9bddde33b0a4b35571ce6d5d400e9e045ffc9
treeac8ef70da490ce7953fbe0e70cac93a2ca4adb2f
parent31a958a50e334f3032773c4461f15746b0708076
fast/dom/Geolocation/disconnected-frame.html test asserts
https://bugs.webkit.org/show_bug.cgi?id=97376

Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-09-21
Reviewed by Alexey Proskuryakov.

Source/WebKit2:

In GeolocationPermissionRequestManager::cancelRequestForGeolocation, we access an iterator
after its value has been removed from the table.
There are two problems with that:
-The iterator is no longer valid after the container has been modified.
-If it was the last element, the table has been freed and the iterator points to deleted memory.

We solve the issue by keeping a copy of the ID. We could have inverted the order of the calls
but that would make the issue less visible for future change.

Testing covered by fast/dom/Geolocation/disconnected-frame.html.

* WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp:
(WebKit::GeolocationPermissionRequestManager::cancelRequestForGeolocation):

LayoutTests:

* platform/wk2/Skipped:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@129278 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/platform/wk2/Skipped
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp