Title: [112576] trunk/Source/WebKit/chromium
Revision: 112576
Author: dslo...@google.com
Date: 2012-03-29 14:20:11 -0700 (Thu, 29 Mar 2012)

Log Message

[Chromium] WorkerFileSystemContextObserver can reference a deleted WorkerFileSystemCallbacksBridge.
https://bugs.webkit.org/show_bug.cgi?id=82565

WorkerFileSystemCallbacksBridge relies on a cleanUpAfterCallback being called
prior to the disposal of the bridge to ensure that WorkerFileSystemContextObserver
is unsubscribed and deleted. However cleanUpAfterCallback will only execute if the bridge's
callback has executed on the worker thread, and this might not be the case if the worker
terminates.

This patch fixes this by maintaining a RefPtr from WorkerFileSystemContextObserver to
WorkerFileSystemCallbacksBridge. This ensures that bridge is not deleted while observer is alive.

Reviewed by David Levin.

* src/WorkerFileSystemCallbacksBridge.cpp:
(WebKit::WorkerFileSystemContextObserver::create):
(WebKit::WorkerFileSystemContextObserver::WorkerFileSystemContextObserver):
(WorkerFileSystemContextObserver):

Diff

Modified: trunk/Source/WebKit/chromium/ChangeLog (112575 => 112576)


--- trunk/Source/WebKit/chromium/ChangeLog	2012-03-29 21:16:23 UTC (rev 112575)
+++ trunk/Source/WebKit/chromium/ChangeLog	2012-03-29 21:20:11 UTC (rev 112576)
@@ -1,3 +1,24 @@
+2012-03-29  Dmitry Lomov  <dslo...@google.com>
+
+        [Chromium] WorkerFileSystemContextObserver can reference a deleted WorkerFileSystemCallbacksBridge.
+        https://bugs.webkit.org/show_bug.cgi?id=82565
+        
+        WorkerFileSystemCallbacksBridge relies on a cleanUpAfterCallback being called
+        prior to the disposal of the bridge to ensure that WorkerFileSystemContextObserver
+        is unsubscribed and deleted. However cleanUpAfterCallback will only execute if the bridge's
+        callback has executed on the worker thread, and this might not be the case if the worker
+        terminates.
+
+        This patch fixes this by maintaining a RefPtr from WorkerFileSystemContextObserver to
+        WorkerFileSystemCallbacksBridge. This ensures that bridge is not deleted while observer is alive.
+
+        Reviewed by David Levin.
+
+        * src/WorkerFileSystemCallbacksBridge.cpp:
+        (WebKit::WorkerFileSystemContextObserver::create):
+        (WebKit::WorkerFileSystemContextObserver::WorkerFileSystemContextObserver):
+        (WorkerFileSystemContextObserver):
+
 2012-03-29  Adam Barth  <aba...@webkit.org>
 
         Move CPP files related to ResourceHandle to WebCore/platform
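
Review bot: the new ChangeLog entry names no regression test and gives no reason for leaving one out. The failure it describes (the worker terminates before the bridge's callback has run on the worker thread, so cleanUpAfterCallback never executes) is specific enough that the entry should say how it was reproduced or why it cannot be tested. Also, the last function-list line, `(WorkerFileSystemContextObserver):`, lacks the `WebKit::` qualifier that the two lines above it carry.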

Modified: trunk/Source/WebKit/chromium/src/WorkerFileSystemCallbacksBridge.cpp (112575 => 112576)


--- trunk/Source/WebKit/chromium/src/WorkerFileSystemCallbacksBridge.cpp	2012-03-29 21:16:23 UTC (rev 112575)
+++ trunk/Source/WebKit/chromium/src/WorkerFileSystemCallbacksBridge.cpp	2012-03-29 21:20:11 UTC (rev 112576)
@@ -146,7 +146,7 @@
 // that it only gets deleted on the worker context thread which is verified by ~Observer.
 class WorkerFileSystemContextObserver : public WebCore::WorkerContext::Observer {
 public:
-    static PassOwnPtr<WorkerFileSystemContextObserver> create(WorkerContext* context, WorkerFileSystemCallbacksBridge* bridge)
+    static PassOwnPtr<WorkerFileSystemContextObserver> create(WorkerContext* context, PassRefPtr<WorkerFileSystemCallbacksBridge> bridge)
     {
         return adoptPtr(new WorkerFileSystemContextObserver(context, bridge));
     }
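
Review bot: with `create()` now taking `PassRefPtr<WorkerFileSystemCallbacksBridge>`, the class comment just above it (the context line ending "verified by ~Observer") no longer tells the whole ownership story. Extend it to say that the observer holds a reference to the bridge and that this reference is dropped on the worker context thread, since that is where the comment says the observer is deleted. If the bridge can also be dereferenced from another thread, its reference count has to be thread-safe; that is not visible in this hunk and is worth confirming.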
@@ -158,15 +158,13 @@
     }
 
 private:
-    WorkerFileSystemContextObserver(WorkerContext* context, WorkerFileSystemCallbacksBridge* bridge)
+    WorkerFileSystemContextObserver(WorkerContext* context, PassRefPtr<WorkerFileSystemCallbacksBridge> bridge)
         : WebCore::WorkerContext::Observer(context)
         , m_bridge(bridge)
     {
     }
 
-    // Since WorkerFileSystemCallbacksBridge manages the lifetime of this class,
-    // m_bridge will be valid throughout its lifetime.
-    WorkerFileSystemCallbacksBridge* m_bridge;
+    RefPtr<WorkerFileSystemCallbacksBridge> m_bridge;
 };
 
 void WorkerFileSystemCallbacksBridge::stop()
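
Review bot: the comment removed above `m_bridge` said the bridge manages the observer's lifetime, and the new `RefPtr<WorkerFileSystemCallbacksBridge> m_bridge;` makes the observer keep the bridge alive, so if the bridge still owns the observer the two now hold each other. The replacement member carries no comment saying what destroys the observer when cleanUpAfterCallback does not run, which is the worker-termination case the log message describes; without such a release the pair would leak instead of dangling. Add a short comment on `m_bridge` naming the point where the observer is destroyed on that path.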