Bug 589721 - Segfault when closing remote tab with open geolocation prompt. r=dougt a=blocking-fennec=2.0a1+ GECKO20b5pre_20100820_RELBRANCH FENNEC_2_0a1_BUILD2 FENNEC_2_0a1_BUILD3 FENNEC_2_0a1_RELEASE
authorJosh Matthews <josh@joshmatthews.net>
Mon, 23 Aug 2010 01:13:08 -0400
branchGECKO20b5pre_20100820_RELBRANCH
changeset 51281 f0e151e87568
parent 51280 c53f95cf23f1
child 51282 b084a7585be7
push idunknown
push userunknown
push dateunknown
reviewersdougt, blocking-fennec
bugs589721
milestone2.0b5pre
Bug 589721 - Segfault when closing remote tab with open geolocation prompt. r=dougt a=blocking-fennec=2.0a1+
dom/ipc/TabChild.cpp
dom/src/geolocation/nsGeolocation.cpp
--- a/dom/ipc/TabChild.cpp
+++ b/dom/ipc/TabChild.cpp
@@ -81,16 +81,17 @@
 #include "nsIDOMDocument.h"
 #include "nsIScriptGlobalObject.h"
 #include "nsWeakReference.h"
 #include "nsISecureBrowserUI.h"
 #include "nsISSLStatusProvider.h"
 #include "nsSerializationHelper.h"
 #include "nsIFrame.h"
 #include "nsIView.h"
+#include "nsGeolocation.h"
 
 #ifdef MOZ_WIDGET_QT
 #include <QX11EmbedWidget>
 #include <QGraphicsView>
 #include <QGraphicsWidget>
 #endif
 
 #ifdef MOZ_WIDGET_GTK2
@@ -978,16 +979,17 @@ TabChild::AllocPGeolocationRequest(const
 {
   NS_RUNTIMEABORT("unused");
   return nsnull;
 }
 
 bool
 TabChild::DeallocPGeolocationRequest(PGeolocationRequestChild* actor)
 {
+  static_cast<nsGeolocationRequest*>(actor)->Release();
   return true;
 }
 
 bool
 TabChild::RecvActivateFrameEvent(const nsString& aType, const bool& capture)
 {
   nsCOMPtr<nsPIDOMWindow> window = do_GetInterface(mWebNav);
   NS_ENSURE_TRUE(window, true);
--- a/dom/src/geolocation/nsGeolocation.cpp
+++ b/dom/src/geolocation/nsGeolocation.cpp
@@ -1014,20 +1014,23 @@ nsGeolocation::RegisterRequestWithPrompt
     nsCOMPtr<nsPIDOMWindow> window = do_QueryReferent(mOwner);
     if (!window)
       return;
 
     // because owner implements nsITabChild, we can assume that it is
     // the one and only TabChild.
     TabChild* child = GetTabChildFrom(window->GetDocShell());
     
-    PGeolocationRequestChild* a = 
-        child->SendPGeolocationRequestConstructor(request, IPC::URI(mURI));
+    child->SendPGeolocationRequestConstructor(request, IPC::URI(mURI));
+    
+    // Retain a reference so the object isn't deleted without IPDL's knowledge.
+    // Corresponding release occurs in DeallocPGeolocationRequest.
+    request->AddRef();
 
-    (void) a->Sendprompt();
+    unused << request->Sendprompt();
     return;
   }
 #endif
 
   nsCOMPtr<nsIGeolocationPrompt> prompt = do_GetService(NS_GEOLOCATION_PROMPT_CONTRACTID);
   NS_ASSERTION(prompt, "null geolocation prompt.  geolocation will not work without one.");
   if (prompt)
     prompt->Prompt(request);