Updates:
        Status: Started

Comment #4 on issue 8060 by [email protected]: Reliability crash in WebCore::ResourceHandle::cancel
http://code.google.com/p/chromium/issues/detail?id=8060

I think I found a small hole where this one could have sneaked through...

It crashes because of this code:
ResourceFetcher::~ResourceFetcher() {
  if (!completed_)
    loader_->cancel();  // crashes here when loader_ is NULL and completed_ is false
  loader_ = NULL;
}

with loader_.m_ptr being NULL and completed_ being false.

The only way this can happen is for ResourceFetcher::Start() to be called with a WebCore::Frame for which loader() returns NULL (somehow).

And then the StartFailedTimer must have been scheduled "after" the DeleteTask which eventually called the crashing destructor mentioned above. When it is scheduled "before" the DeleteTask, then ResourceFetcher::StartFailed() is called and it sets completed_ to true via a call to ResourceFetcher::didFail().

So I guess, on top of checking for completed_, we should also check for a valid loader_ in ResourceFetcher::~ResourceFetcher() before calling cancel on it.

Unless I missed something?

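The task ordering described in the comment above, as an added example that is neither Chromium code nor the commenter's: a small C++ model of a fetcher whose destructor runs either after or before the StartFailed callback. The class names (Loader, Frame, Fetcher), the explicit task queue, and the modelling of the StartFailedTimer as a posted task holding a weak reference are assumptions made for this example. Instead of dereferencing a NULL loader, the destructor records that it would have done so, so both orderings can be run safely and compared, with and without the extra loader_ check the comment proposes.

```cpp
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>

// Added example, not Chromium code. All names below are stand-ins (assumptions)
// for the WebCore/Chromium classes mentioned in the bug comment.

struct Loader {
  bool cancelled = false;
  void cancel() { cancelled = true; }
};

// Stand-in for WebCore::Frame whose loader() returns NULL, the case the comment supposes.
struct Frame {
  Loader* loader_ptr = nullptr;
  Loader* loader() const { return loader_ptr; }
};

using TaskQueue = std::deque<std::function<void()>>;

class Fetcher : public std::enable_shared_from_this<Fetcher> {
 public:
  // check_loader: whether the destructor also checks loader_ before cancel()
  // (the fix proposed in the comment). *null_cancel is set when the original,
  // unguarded destructor would have called cancel() on a NULL loader_.
  Fetcher(bool check_loader, bool* null_cancel)
      : check_loader_(check_loader), null_cancel_(null_cancel) {}

  ~Fetcher() {
    if (!completed_) {
      if (loader_) {
        loader_->cancel();
      } else if (!check_loader_) {
        // Original destructor: loader_->cancel() with loader_ == NULL. Recorded
        // here rather than dereferenced so the model can run to completion.
        *null_cancel_ = true;
      }
    }
    loader_ = nullptr;
  }

  // Models ResourceFetcher::Start(): take the frame's loader; if there is none,
  // arm the StartFailedTimer. The timer is modelled as a posted task holding a
  // weak reference, so a fetcher deleted first simply never receives the callback.
  void Start(Frame* frame, TaskQueue* queue) {
    loader_ = frame->loader();
    if (!loader_) {
      std::weak_ptr<Fetcher> weak = shared_from_this();
      queue->push_back([weak] {
        if (auto self = weak.lock()) self->StartFailed();
      });
    }
  }

  void StartFailed() { didFail(); }
  void didFail() { completed_ = true; }

 private:
  Loader* loader_ = nullptr;
  bool completed_ = false;
  bool check_loader_;
  bool* null_cancel_;
};

// Runs one scenario: a frame with no loader, a DeleteTask posted either before or
// after the StartFailed callback, and the chosen destructor variant. Returns true
// if cancel() would have been called on a NULL loader_ (the crash in the report).
bool WouldCrash(bool delete_before_fail, bool check_loader) {
  bool null_cancel = false;
  TaskQueue queue;
  Frame frame;  // loader() == NULL
  auto owner = std::make_shared<Fetcher>(check_loader, &null_cancel);
  std::function<void()> delete_task = [&owner] { owner.reset(); };

  if (delete_before_fail) queue.push_back(delete_task);
  owner->Start(&frame, &queue);  // posts the StartFailed task
  if (!delete_before_fail) queue.push_back(delete_task);

  while (!queue.empty()) {
    std::function<void()> task = std::move(queue.front());
    queue.pop_front();
    task();
  }
  return null_cancel;
}

int main() {
  std::printf("delete before StartFailed, original dtor: crash=%d\n", WouldCrash(true, false));
  std::printf("StartFailed before delete, original dtor: crash=%d\n", WouldCrash(false, false));
  std::printf("delete before StartFailed, guarded dtor:  crash=%d\n", WouldCrash(true, true));
  return 0;
}
```

Only the ordering in which the DeleteTask runs before the StartFailed callback reaches the destructor with completed_ still false and loader_ never set; the guarded destructor turns that ordering into a no-op while still cancelling a real loader in the normal case.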