[Webkit-unassigned] [Bug 31206] Database can be the last to deref Document, resulting in ~Document on the Database thread.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 6 10:58:32 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=31206
Darin Adler <darin at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #42652|review? |review-
Flag| |
--- Comment #2 from Darin Adler <darin at apple.com> 2009-11-06 10:58:31 PDT ---
(From update of attachment 42652)
> +static void derefDocument(void* document)
> +{
> + (reinterpret_cast<Document*>(document))->deref();
> +}
This should be a static_cast, not a reinterpret_cast. Also, no need for the
extra parentheses.
> + // in case we're the last to reference the Document, deref it on the main thread
> + m_document->ref();
> + callOnMainThread(derefDocument, m_document.get());
Since the reference counting for nodes is not thread safe, it's not safe to
modify the reference count of the document on a non-main thread. Doing a ref
here just trades one kind of thread-safety problem for another, more subtle one
that can lead to early destruction of the Document or a storage leak. The call
to m_document->ref() is not correct. Instead, you have to call
m_document.release().releaseRef(), which will not give you a Document* and not
attempt to read or modify the reference count at all on the current thread.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list