[webkit-reviews] review granted: [Bug 41507] WebSocket: Crash caused by calling close() within onmessage handler : [Attachment 61023] Fix v2 (Simplify test, add comments)
bugzilla-daemon at webkit.org
Fri Jul 9 10:23:29 PDT 2010
Alexey Proskuryakov <ap at webkit.org> has granted Yuta Kitamura
<yutak at chromium.org>'s request for review:
Bug 41507: WebSocket: Crash caused by calling close() within onmessage handler
https://bugs.webkit.org/show_bug.cgi?id=41507
Attachment 61023: Fix v2 (Simplify test, add comments)
https://bugs.webkit.org/attachment.cgi?id=61023&action=review
------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
+ m_bufferedAmountAfterClose = m_channel->bufferedAmount(); // May
dereference m_channel.
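Review bot: The trailing comment on the added line, "May dereference m_channel", does not tell the reader what to watch for: the expression m_channel->bufferedAmount() always dereferences the pointer through "->", so "May" cannot refer to that, and "dereference" can also be read as dropping a reference. Please reword the comment to name the side effect the call can have and what the code after it must not assume.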
This comment is still misleading, we don't care about it being dereferenced.
WebSocket holds its own reference to m_channel.
I think that the real explanation is that a didClose notification may be already
queued, which we will inadvertently process while waiting for bufferedAmount()
to return.