[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

steveblock at google.com steveblock at google.com
Wed Dec 22 12:15:44 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit e115ec30aa0ac8c674a4d65919c4af975e9d566b
Author: steveblock at google.com <steveblock at google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Aug 17 23:05:42 2010 +0000

    2010-08-17  Steve Block  <steveblock at google.com>
    
            Reviewed by Jeremy Orlow.
    
            Geolocation clearWatch() needs to protect against invalid IDs
            https://bugs.webkit.org/show_bug.cgi?id=44096
    
            * fast/dom/Geolocation/clear-watch-invalid-id-crash-expected.txt: Added.
            * fast/dom/Geolocation/clear-watch-invalid-id-crash.html: Added.
            * fast/dom/Geolocation/script-tests/clear-watch-invalid-id-crash.js: Added.
            * fast/dom/Geolocation/script-tests/notimer-after-unload.js:
            (document.body.onload):
    2010-08-17  Steve Block  <steveblock at google.com>
    
            Reviewed by Jeremy Orlow.
    
            Geolocation clearWatch() needs to protect against invalid IDs
            https://bugs.webkit.org/show_bug.cgi?id=44096
    
            If the ID passed to clearWatch() is invalid, we early-out.
    
            Test: fast/dom/Geolocation/clear-watch-invalid-id-crash.html
    
            * page/Geolocation.cpp:
            (WebCore::Geolocation::Watchers::set):
            (WebCore::Geolocation::Watchers::remove):
            (WebCore::Geolocation::watchPosition):
            (WebCore::Geolocation::clearWatch):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65570 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 7a60a82..092aff5 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,16 @@
+2010-08-17  Steve Block  <steveblock at google.com>
+
+        Reviewed by Jeremy Orlow.
+
+        Geolocation clearWatch() needs to protect against invalid IDs
+        https://bugs.webkit.org/show_bug.cgi?id=44096
+
+        * fast/dom/Geolocation/clear-watch-invalid-id-crash-expected.txt: Added.
+        * fast/dom/Geolocation/clear-watch-invalid-id-crash.html: Added.
+        * fast/dom/Geolocation/script-tests/clear-watch-invalid-id-crash.js: Added.
+        * fast/dom/Geolocation/script-tests/notimer-after-unload.js:
+        (document.body.onload):
+
 2010-08-17  Joseph Pecoraro  <joepeck at webkit.org>
 
         Reviewed by Pavel Feldman.
diff --git a/LayoutTests/fast/dom/Geolocation/clear-watch-invalid-id-crash-expected.txt b/LayoutTests/fast/dom/Geolocation/clear-watch-invalid-id-crash-expected.txt
new file mode 100644
index 0000000..f2e7f90
--- /dev/null
+++ b/LayoutTests/fast/dom/Geolocation/clear-watch-invalid-id-crash-expected.txt
@@ -0,0 +1 @@
+TEST COMPLETE
diff --git a/LayoutTests/fast/dom/Geolocation/clear-watch-invalid-id-crash.html b/LayoutTests/fast/dom/Geolocation/clear-watch-invalid-id-crash.html
new file mode 100644
index 0000000..bf492ec
--- /dev/null
+++ b/LayoutTests/fast/dom/Geolocation/clear-watch-invalid-id-crash.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../js/resources/js-test-style.css">
+<script src="../../js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/clear-watch-invalid-id-crash.js"></script>
+<script src="../../js/resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/dom/Geolocation/script-tests/clear-watch-invalid-id-crash.js b/LayoutTests/fast/dom/Geolocation/script-tests/clear-watch-invalid-id-crash.js
new file mode 100644
index 0000000..6176da0
--- /dev/null
+++ b/LayoutTests/fast/dom/Geolocation/script-tests/clear-watch-invalid-id-crash.js
@@ -0,0 +1,14 @@
+description("Tests for a crash when clearWatch() is called with a zero ID.<br><br>We call clearWatch() with a request in progress then navigate the page. This accesses the watchers map during cleanup and triggers the crash. This page should not be visible when the test completes.");
+
+if (window.layoutTestController) {
+    layoutTestController.setGeolocationPermission(true);
+    layoutTestController.setMockGeolocationPosition(51.478, -0.166, 100);
+} else
+    debug('This test can not be run without the LayoutTestController');
+
+navigator.geolocation.watchPosition(function() {});
+navigator.geolocation.clearWatch(0);
+location = "data:text/html,TEST COMPLETE<script>layoutTestController.notifyDone();</script>";
+
+window.jsTestIsAsync = true;
+window.successfullyParsed = true;
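Review bot: The regression test exercises only `clearWatch(0)`, while the guard added to `Geolocation::clearWatch` rejects every ID below `firstAvailableWatchId`, so negative IDs are left uncovered. Adding `navigator.geolocation.clearWatch(-1);` next to the zero call would pin that half of the check as well. The `data:` page on the `location =` line also calls `layoutTestController.notifyDone()` without the `if (window.layoutTestController)` guard that notimer-after-unload.js uses, so it will throw when the test is opened in a plain browser. That is harmless for the harness but worth making consistent.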
diff --git a/LayoutTests/fast/dom/Geolocation/script-tests/notimer-after-unload.js b/LayoutTests/fast/dom/Geolocation/script-tests/notimer-after-unload.js
index 4f789f6..8109bd0 100644
--- a/LayoutTests/fast/dom/Geolocation/script-tests/notimer-after-unload.js
+++ b/LayoutTests/fast/dom/Geolocation/script-tests/notimer-after-unload.js
@@ -3,7 +3,7 @@ description("Tests that no timers will trigger for navigator.geolocation object
 if (window.layoutTestController) layoutTestController.setGeolocationPermission(true);
 
 document.body.onload = function() {
-    location = "data:text/html,You should have seen one unload alert appear.<script>window.setTimeout('if (window.layoutTestController) layoutTestController.notifyDone();', 100);</" + "script>";
+    location = "data:text/html,You should have seen one unload alert appear.<script>window.setTimeout('if (window.layoutTestController) layoutTestController.notifyDone();', 100);</script>";
 }
 
 document.body.onunload = function() {
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index cb603d6..5d00d16 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-08-17  Steve Block  <steveblock at google.com>
+
+        Reviewed by Jeremy Orlow.
+
+        Geolocation clearWatch() needs to protect against invalid IDs
+        https://bugs.webkit.org/show_bug.cgi?id=44096
+
+        If the ID passed to clearWatch() is invalid, we early-out.
+
+        Test: fast/dom/Geolocation/clear-watch-invalid-id-crash.html
+
+        * page/Geolocation.cpp:
+        (WebCore::Geolocation::Watchers::set):
+        (WebCore::Geolocation::Watchers::remove):
+        (WebCore::Geolocation::watchPosition):
+        (WebCore::Geolocation::clearWatch):
+
 2010-08-17  Stephen White  <senorblanco at chromium.org>
 
         Reviewed by David Levin.
diff --git a/WebCore/page/Geolocation.cpp b/WebCore/page/Geolocation.cpp
index b8f1e29..fd10f27 100644
--- a/WebCore/page/Geolocation.cpp
+++ b/WebCore/page/Geolocation.cpp
@@ -49,6 +49,8 @@ static const char permissionDeniedErrorMessage[] = "User denied Geolocation";
 static const char failedToStartServiceErrorMessage[] = "Failed to start Geolocation service";
 static const char framelessDocumentErrorMessage[] = "Geolocation cannot be used in frameless documents";
 
+static const int firstAvailableWatchId = 1;
+
 #if ENABLE(CLIENT_BASED_GEOLOCATION)
 
 static PassRefPtr<Geoposition> createGeoposition(GeolocationPosition* position)
@@ -164,6 +166,7 @@ void Geolocation::GeoNotifier::timerFired(Timer<GeoNotifier>*)
 
 void Geolocation::Watchers::set(int id, PassRefPtr<GeoNotifier> prpNotifier)
 {
+    ASSERT(id > 0);
     RefPtr<GeoNotifier> notifier = prpNotifier;
 
     m_idToNotifierMap.set(id, notifier.get());
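Review bot: `ASSERT(id > 0)` hard-codes the bound that this commit otherwise names `firstAvailableWatchId`, and the same literal is repeated in the `Watchers::remove` hunk below. Using `ASSERT(id >= firstAvailableWatchId);` in both places would keep the three checks from drifting apart. ASSERT is compiled out of release builds, so in shipped binaries the only protection is the early return in `clearWatch`. If `Watchers::set` or `Watchers::remove` have other callers (not visible in this diff), those paths get no runtime check. Both function bodies continue outside their hunks.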
@@ -172,6 +175,7 @@ void Geolocation::Watchers::set(int id, PassRefPtr<GeoNotifier> prpNotifier)
 
 void Geolocation::Watchers::remove(int id)
 {
+    ASSERT(id > 0);
     IdToNotifierMap::iterator iter = m_idToNotifierMap.find(id);
     if (iter == m_idToNotifierMap.end())
         return;
@@ -275,7 +279,7 @@ int Geolocation::watchPosition(PassRefPtr<PositionCallback> successCallback, Pas
     RefPtr<GeoNotifier> notifier = startRequest(successCallback, errorCallback, options);
     ASSERT(notifier);
 
-    static int nextAvailableWatchId = 1;
+    static int nextAvailableWatchId = firstAvailableWatchId;
     // In case of overflow, make sure the ID remains positive, but reuse the ID values.
     if (nextAvailableWatchId < 1)
         nextAvailableWatchId = 1;
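Review bot: The initialiser now uses `firstAvailableWatchId`, but the overflow reset two lines below still hard-codes `1`, so the ID generator and the `clearWatch` guard agree only as long as nobody changes the constant. Suggest `if (nextAvailableWatchId < firstAvailableWatchId)` and `nextAvailableWatchId = firstAvailableWatchId;`. Separately, the reset depends on the counter wrapping to a negative value, and signed `int` overflow is undefined behaviour in C++. The increment is outside this hunk, so whether that case can actually be reached cannot be judged from here.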
@@ -392,6 +396,9 @@ bool Geolocation::haveSuitableCachedPosition(PositionOptions* options)
 
 void Geolocation::clearWatch(int watchId)
 {
+    if (watchId < firstAvailableWatchId)
+        return;
+
     m_watchers.remove(watchId);
     
     if (!hasListeners())
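Review bot: The new guard in `clearWatch` has no comment saying why it exists, and it is the only release-build check between script-supplied IDs and the watchers map. Suggest a line above it such as `// watchPosition() never issues IDs below firstAvailableWatchId; reject them before they reach m_watchers.` The test description says a zero ID crashed when the map was accessed during cleanup, which suggests the map cannot hold such keys, but the map's type is not visible in this diff. The early return also skips the `hasListeners()` check that follows, which looks correct because nothing was removed. The function continues past the end of the hunk.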

-- 
WebKit Debian packaging


