Summary: | Geolocation bug causes crash when watch is cleared from some callbacks
---|---
Product: | WebKit
Component: | WebCore Misc.
Status: | RESOLVED FIXED
Severity: | Normal
Priority: | P2
Version: | 528+ (Nightly build)
Hardware: | All
OS: | All
Reporter: | Steve Block <steveblock>
Assignee: | Steve Block <steveblock>
CC: | commit-queue, steveblock, webkit.review.bot
Description
Steve Block
2009-12-03 03:10:31 PST
Created attachment 44241 Patch 1 for Bug 32111
style-queue ran check-webkit-style on attachment 44241 without any errors.
Comment on attachment 44241 Patch 1 for Bug 32111
> + // Cache our pointer to the Geolocation object, as this GeoNotifier object > + // could be deleted by a call to clearWatch in a callback. > + Geolocation* geolocation = m_geolocation;
Since the Geolocation object is reference counted, shouldn't this be a RefPtr? If not, then why is the Geolocation object reference counted? In other words, what guarantees it will not be destroyed?

> Since the Geolocation object is reference counted, shouldn't this be a RefPtr?
> If not, then why is the Geolocation object reference counted? In other words,
> what guarantees it will not be destroyed?
The GeoNotifier objects are owned by the Geolocation object and their lifetime is controlled with RefPtrs. Each GeoNotifier has a raw pointer back to the Geolocation object which it uses to make callbacks. Since the GeoNotifier objects are owned by the Geolocation object, the Geolocation object is guaranteed to have a longer lifespan, so the raw Geolocation pointers held by the GeoNotifier objects will always be valid.
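Review bot: The comment above `Geolocation* geolocation = m_geolocation;` explains why the pointer is cached but not the rule that follows from it: once a callback has run, no member of this GeoNotifier may be read, only the local. The quoted lines do not show the rest of the function, so it is worth checking that every access after the first callback goes through `geolocation`, and stating that constraint in the comment so a later edit does not reintroduce a read of `m_geolocation`.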
Comment on attachment 44241 Patch 1 for Bug 32111
Clearing flags on attachment: 44241
Committed r51692: <http://trac.webkit.org/changeset/51692>
All reviewed patches have been landed. Closing bug.
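The ownership model described in the reply above (an owner holding reference-counted notifiers, each with a raw back-pointer) can be modelled in a few lines to show why state must be cached before a callback runs. This is an added example, not code from the bug thread or from WebKit: `Owner`, `Notifier` and `std::shared_ptr` are hypothetical stand-ins for Geolocation, GeoNotifier and RefPtr, and copying the callback into a local goes beyond what the quoted lines show.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <utility>

// Simplified model, all names hypothetical: Owner stands in for Geolocation,
// Notifier for GeoNotifier, std::shared_ptr for RefPtr.
struct Owner;

struct Notifier {
    Owner* owner;  // raw back-pointer; valid because the owner outlives us
    std::function<void()> callback;
    void fire();
};

struct Owner {
    std::map<int, std::shared_ptr<Notifier>> watchers;
    int nextId = 1;
    int finished = 0;  // callbacks that ran to completion
    int addWatch(std::function<void()> callback) {
        watchers[nextId] = std::make_shared<Notifier>(Notifier{this, std::move(callback)});
        return nextId++;
    }
    void clearWatch(int id) { watchers.erase(id); }  // drops the last reference
    void fire(int id) { watchers.at(id)->fire(); }
};

void Notifier::fire() {
    // Copy what is needed after the callback into locals: the callback may
    // call clearWatch(), which destroys *this.
    Owner* cachedOwner = owner;
    std::function<void()> cachedCallback = callback;
    cachedCallback();
    // *this may be gone here, so only the locals are used from now on.
    ++cachedOwner->finished;
}

// Constructed scenario: the callback clears its own watch.
bool clearWatchInsideCallbackIsSafe() {
    Owner owner;
    int id = 0;
    bool gone = false;
    id = owner.addWatch([&] { owner.clearWatch(id); gone = owner.watchers.count(id) == 0; });
    owner.fire(id);
    return gone && owner.finished == 1;
}

int main() { return clearWatchInsideCallbackIsSafe() ? 0 : 1; }
```

Replacing `++cachedOwner->finished` with `++owner->finished` would read a member of a destroyed object, which is the class of crash this bug describes.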