RESOLVED FIXED 30122
Geolocation does not protect against wrap-around of request IDs
https://bugs.webkit.org/show_bug.cgi?id=30122
Steve Block
Reported 2009-10-06 05:52:24 PDT
Currently there is no guard to prevent wrap-around of the IDs used for Geolocation requests. This means that when the ID overflows, a previously existing request will be canceled and its ID reused. The original ID will then reference the wrong request.
Attachments
Patch 1 for Bug 30122 (1.26 KB, patch)
2009-10-28 10:46 PDT, Steve Block
no flags
Steve Block
Comment 1 2009-10-06 10:49:55 PDT
I looked at how window.setTimeout() handles overflow of its timer IDs. It looks like it simply allows the overflow to happen (while ensuring the ID remains positive), thus overwriting the previous timer. See http://trac.webkit.org/browser/trunk/WebCore/page/DOMTimer.cpp. I suggest we do the same for Geolocation requests - allow the overflow, making sure the ID remains positive or negative as appropriate.
Steve Block
Comment 2 2009-10-28 10:46:24 PDT
Created attachment 42043: Patch 1 for Bug 30122
It's not practical to add a test for this, as triggering the overflow would require so many watches to be started that it would be prohibitively slow.
Darin Adler
Comment 3 2009-10-28 10:49:29 PDT
Comment on attachment 42043: Patch 1 for Bug 30122
r=me
If you want to be pedantic, overflow has defined behavior for unsigned but not for int. So it's best to code this sort of thing so it detects overflow before it happens or use unsigned. But that's not a realistic concern.
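The ID handling discussed in comments 1 and 3, as an added example that is not part of the bug thread or the WebKit patch. `RequestTable` and its method names are hypothetical, and the configurable `maxId` is an assumption made so that wrap-around can be reached without billions of allocations. The bound is checked before the increment, so signed overflow never occurs, and the allow-reuse policy is shown beside a stricter skip-live-IDs variant that the thread did not adopt.

```cpp
#include <climits>
#include <map>
#include <string>

// Hypothetical table of pending requests keyed by a positive int ID.
class RequestTable {
public:
    // maxId defaults to INT_MAX; a small value makes wrap-around testable.
    explicit RequestTable(int firstId = 1, int maxId = INT_MAX)
        : m_nextId(firstId), m_maxId(maxId) {}

    // Successor of id within [1, maxId]. The comparison happens before the
    // increment, so INT_MAX + 1 (undefined for signed int) is never evaluated.
    int nextPositiveId(int id) const { return id >= m_maxId ? 1 : id + 1; }

    // Policy suggested in comment 1: let the counter wrap and stay positive.
    // A request still stored under the reused ID is replaced.
    int addAllowingReuse(const std::string& request) {
        int id = m_nextId;
        m_nextId = nextPositiveId(id);
        m_requests[id] = request;
        return id;
    }

    // Stricter variant (not adopted in the thread): skip IDs that are still
    // live so an old handle never points at a newer request.
    // Returns 0 when every ID in [1, maxId] is in use.
    int addSkippingLive(const std::string& request) {
        int start = m_nextId, id = start;
        while (m_requests.count(id)) {
            id = nextPositiveId(id);
            if (id == start)
                return 0;
        }
        m_nextId = nextPositiveId(id);
        m_requests[id] = request;
        return id;
    }

    void remove(int id) { m_requests.erase(id); }

    // Returns the stored request, or an empty string if the ID is unknown.
    std::string find(int id) const {
        auto it = m_requests.find(id);
        return it == m_requests.end() ? std::string() : it->second;
    }
private:
    int m_nextId, m_maxId;
    std::map<int, std::string> m_requests;
};
```

With the reuse policy, a caller still holding the first ID after a wrap gets the newer request back from `find`; with the skip-live variant the same handle keeps resolving to the original request.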
WebKit Commit Bot
Comment 4 2009-10-28 12:23:46 PDT
Comment on attachment 42043: Patch 1 for Bug 30122
Clearing flags on attachment: 42043
Committed r50229: <http://trac.webkit.org/changeset/50229>
WebKit Commit Bot
Comment 5 2009-10-28 12:23:51 PDT
All reviewed patches have been landed. Closing bug.