Comment #4 on issue 17027 by bugdro...@chromium.org: Crash -
tcmalloc::ThreadCache::FreeList::PopRange(int,void * *,void * *)
http://code.google.com/p/chromium/issues/detail?id=17027
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=22848
------------------------------------------------------------------------
r22848 | lafo...@chromium.org | 2009-08-07 18:07:44 -0700 (Fri, 07 Aug
2009) | 17 lines
Changed paths:
M
http://src.chromium.org/viewvc/chrome/branches/195/src/base/pickle.cc?r1=22848&r2=22847
Merge 22261 - Add defensive code in pickle to preclude realloc of shared
header_ memory.
Since I was able to (some how) generate a problem with header_ being
double freed (perhaps, because it was shared in some way??), this change
adds several lines of defensive coding. The current assignment operator
appears very dangerous, as it allowed Resize to be called when the header_
was not owned by the instance (it was readonly). I haven't found a path
to cause a problem, but we may as well be defensive.
BUG=17027
BUG=17088
r=CPU
Review URL: http://codereview.chromium.org/160490
tbr=...@chromium.org
Review URL: http://codereview.chromium.org/165200
------------------------------------------------------------------------
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---
