Title: [113291] trunk/Source/WebCore
Revision
113291
Author
dslo...@google.com
Date
2012-04-04 22:15:10 -0700 (Wed, 04 Apr 2012)

Log Message

WorkerEventQueue::close might access deleted WorkerEventQueue::EventDispatcherTask.
https://bugs.webkit.org/show_bug.cgi?id=83202

On closing the event queue, WorkerEventQueue cancels all the tasks associated with events.
The tasks, in their turn, delete themselves from the map whenever a task gets executed.
However, if shutdown occurs when a task is in the queue but before it gets executed, the task will be deleted without execution.
This patch makes sure that no deleted tasks stay in WorkerEventQueue, by the task removing itself in its destructor.

Reviewed by David Levin.

Covered by existing tests.

* workers/WorkerEventQueue.cpp:
(WebCore::WorkerEventQueue::EventDispatcherTask::~EventDispatcherTask):
(WorkerEventQueue::EventDispatcherTask):
(WebCore::WorkerEventQueue::EventDispatcherTask::performTask):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (113290 => 113291)


--- trunk/Source/WebCore/ChangeLog	2012-04-05 05:13:09 UTC (rev 113290)
+++ trunk/Source/WebCore/ChangeLog	2012-04-05 05:15:10 UTC (rev 113291)
@@ -1,3 +1,22 @@
+2012-04-04  Dmitry Lomov  <dslo...@google.com>
+
+        WorkerEventQueue::close might access deleted WorkerEventQueue::EventDispatcherTask.
+        https://bugs.webkit.org/show_bug.cgi?id=83202
+
+        On closing the event queue, WorkerEventQueue cancels all the tasks associated with events.
+        The tasks in their turn delete themselves from the map whenever task gets executed.
+        However if shutdown occurs when task is in queue but before task gets executed, the task will be deleted without execution.
+        This patch makes sure that no deleted tasks stay in WorkerEventQueue, by task removing itself in destructor.
+
+        Reviewed by David Levin.
+
+        Covered by existing tests.
+
+        * workers/WorkerEventQueue.cpp:
+        (WebCore::WorkerEventQueue::EventDispatcherTask::~EventDispatcherTask):
+        (WorkerEventQueue::EventDispatcherTask):
+        (WebCore::WorkerEventQueue::EventDispatcherTask::performTask):
+
 2012-04-04  Julien Chaffraix  <jchaffr...@webkit.org>
 
         RenderLayer scrollbars' updates should be split between layout induced and style change induced
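Review bot: "Covered by existing tests" does not say which test exercises the path this change fixes, a task still sitting in the queue when close() runs; naming that test, or adding a worker test that terminates the worker while an event is pending, would make the coverage claim checkable. Minor: the entry "(WorkerEventQueue::EventDispatcherTask):" lacks the WebCore:: prefix that the two neighbouring entries in the same block use.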

Modified: trunk/Source/WebCore/workers/WorkerEventQueue.cpp (113290 => 113291)


--- trunk/Source/WebCore/workers/WorkerEventQueue.cpp	2012-04-05 05:13:09 UTC (rev 113290)
+++ trunk/Source/WebCore/workers/WorkerEventQueue.cpp	2012-04-05 05:15:10 UTC (rev 113291)
@@ -58,6 +58,12 @@
         return adoptPtr(new EventDispatcherTask(event, eventQueue));
     }
 
+    virtual ~EventDispatcherTask()
+    {
+        if (m_event)
+            m_eventQueue->removeEvent(m_event.get());
+    }
+
     void dispatchEvent(ScriptExecutionContext*, PassRefPtr<Event> event)
     {
         event->target()->dispatchEvent(event);
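Review bot: the new destructor dereferences m_eventQueue unconditionally whenever m_event is still set, so it relies on two invariants the diff does not establish: the WorkerEventQueue must outlive every EventDispatcherTask it has created, and every path that consumes the event must reset m_event first. performTask now does so in the next hunk, but cancel() is not in the diff; if cancel() leaves m_event set, destroying a cancelled task during close() would call removeEvent() on the same map close() is iterating. Suggest cancel() also clear m_event, and an ASSERT or comment documenting that the queue outlives its tasks.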
@@ -69,6 +75,7 @@
             return;
         m_eventQueue->removeEvent(m_event.get());
         dispatchEvent(context, m_event);
+        m_event.clear();
     }
 
     void cancel()
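Review bot: m_event is cleared only after dispatchEvent() returns ("+        m_event.clear();"), so for the whole of the dispatch the task still holds an event that has already been removed from the queue; if the queue is torn down re-entrantly from the event handler, the destructor's "if (m_event)" check would call removeEvent() a second time for the same event. Releasing the member before dispatching keeps "m_event is set iff the event is still registered" true throughout: "RefPtr<Event> event = m_event.release();" then "m_eventQueue->removeEvent(event.get());" and "dispatchEvent(context, event);", which also makes the separate clear() unnecessary.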
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes