Hi, when a request for geolocation permission is emitted, and the document asking for permission is unloaded, it's possible for the embedder to still call setIsAllowed (possibly other functions) after the document has been unloaded. Then a crash occurs in Geolocation::makeSuccessCallbacks or Geolocation::handleError. The crash happens in the copyToVector inline function. After investigating, I discovered in this part of copyToVector:

    vector.resize(collection.size());
    iterator it = collection.begin();
    iterator end = collection.end();
    for (unsigned i = 0; it != end; ++it, ++i)
        vector[i] = (*it).first;

collection.size() evaluates to 1, but the loop is entered twice; I don't understand why. Is it a good idea to have a boolean member m_isDisconnected, set it to false in disconnectFrame, and check its value at the start of handleError and makeSuccessCallbacks? Or is there a better solution?
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7295511 in WebCore::Geolocation::makeSuccessCallbacks() () from /home/arno/webkit/WebKit/WebKitBuild/arno/Release/.libs/libwebkit-1.0.so
(gdb) where
#0  0x00007ffff7295511 in WebCore::Geolocation::makeSuccessCallbacks() () from /home/arno/webkit/WebKit/WebKitBuild/arno/Release/.libs/libwebkit-1.0.so
#1  0x00007ffff7295797 in WebCore::Geolocation::setIsAllowed(bool) () from /home/arno/webkit/WebKit/WebKitBuild/arno/Release/.libs/libwebkit-1.0.so
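The lifetime problem in the report, as an added illustration that is not WebKit's code: a minimal stand-in for the Geolocation object in which the embedder's permission answer (setIsAllowed) can arrive after the document has been unloaded (disconnectFrame). The class names and the Position/Request types are hypothetical; the guard is the m_isDisconnected flag the reporter proposes, set when the frame is disconnected and checked before any callback is delivered. The second point the example shows is an assumption about the "size is 1 but the loop runs twice" symptom: the pending list is moved aside before iterating it, so a callback that re-enters and adds a new request cannot mutate the container the loop is walking.

```cpp
#include <cstddef>
#include <functional>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the geolocation request/permission flow (not WebKit code).
// setIsAllowed, disconnectFrame, makeSuccessCallbacks and handleError mirror the
// function names in the report; everything else is constructed for this example.
struct Position { double latitude; double longitude; };

class GeoRequester {
public:
    using SuccessCallback = std::function<void(const Position&)>;
    using ErrorCallback = std::function<void(const std::string&)>;

    // Script in the document asks for a position; delivery waits on the embedder.
    void requestPosition(SuccessCallback onSuccess, ErrorCallback onError) {
        m_pending.push_back(Request{std::move(onSuccess), std::move(onError)});
    }

    // Called when the owning document is unloaded. After this point no callback
    // may run, because the script context it would run in no longer exists.
    void disconnectFrame() {
        m_isDisconnected = true;
        m_pending.clear();
    }

    // The embedder's answer to the permission prompt. It can legitimately arrive
    // after disconnectFrame(), which is the sequence in the crash report.
    // Returns the number of callbacks actually delivered.
    std::size_t setIsAllowed(bool allowed) {
        if (m_isDisconnected)
            return 0; // guard: the document is gone, deliver nothing
        return allowed ? makeSuccessCallbacks() : handleError("permission denied");
    }

    bool isDisconnected() const { return m_isDisconnected; }

private:
    struct Request { SuccessCallback success; ErrorCallback error; };

    // Move the pending list aside before iterating it: a callback may re-enter and
    // call requestPosition(), and iterating a container that is mutated underneath
    // the loop is the kind of defect that makes a size-1 loop run twice (assumption).
    std::vector<Request> takePending() {
        std::vector<Request> pending;
        pending.swap(m_pending);
        return pending;
    }

    std::size_t makeSuccessCallbacks() {
        const Position fix{51.5, -0.1}; // constructed sample position
        std::vector<Request> pending = takePending();
        for (const Request& r : pending)
            r.success(fix);
        return pending.size();
    }

    std::size_t handleError(const std::string& message) {
        std::vector<Request> pending = takePending();
        for (const Request& r : pending)
            r.error(message);
        return pending.size();
    }

    bool m_isDisconnected = false;
    std::vector<Request> m_pending;
};

// Scenario from the report: request, unload the document, then the embedder answers.
// Returns callbacks delivered plus callbacks observed to fire; expected 0.
std::size_t deliveredAfterUnload() {
    GeoRequester geo;
    int fired = 0;
    geo.requestPosition([&](const Position&) { ++fired; },
                        [&](const std::string&) { ++fired; });
    geo.disconnectFrame();
    std::size_t delivered = geo.setIsAllowed(true);
    return delivered + static_cast<std::size_t>(fired);
}

// Live document, with a success callback that re-enters requestPosition() while
// callbacks are being delivered. Only the original request runs in this round,
// so the result is 1 delivered + 1 fired = 2.
std::size_t deliveredWhenLive() {
    GeoRequester geo;
    int fired = 0;
    geo.requestPosition(
        [&](const Position&) {
            ++fired;
            geo.requestPosition([&](const Position&) { ++fired; }, [](const std::string&) {});
        },
        [](const std::string&) {});
    std::size_t delivered = geo.setIsAllowed(true);
    return delivered + static_cast<std::size_t>(fired);
}

int main() {
    return (deliveredAfterUnload() == 0 && deliveredWhenLive() == 2) ? 0 : 1;
}
```

The flag alone is enough to stop the reported crash in setIsAllowed; the copy-before-iterate in takePending() is the defensive habit that covers the other entry points the reporter suspects ("possibly other functions"), since any path that hands control to page script while walking the request list is exposed to the same re-entrancy.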
<rdar://problem/7958405>
This isn't reproducible in Safari. Does this still happen on Linux? Was it Qt or Gtk?
No answer, closing. Geolocation lifetime handling is being rewritten now anyway.