[Webkit-unassigned] [Bug 51112] IDBTransactionBackedImpl instances can be accidentally deleted during calls to abort/commit.
bugzilla-daemon at webkit.org
Fri Dec 17 11:24:35 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=51112
--- Comment #8 from Jeremy Orlow <jorlow at chromium.org> 2010-12-17 11:24:35 PST ---
(In reply to comment #6)
> (In reply to comment #3)
> > Besides Eric's comments, it looks good. In theory, it might be possible to repro this in DRT by creating a transaction, leaving the scope where it was created, doing a gc(), and then praying. It wouldn't surprise me if we couldn't come up with a reliable repro, but please give it a shot.
>
> Ok, added a test. I can see in Visual Studio the deletion happening before accessing member variables of the deleted instance, but the test does not always crash for me as the memory isn't always reclaimed. However, if the memory is reclaimed, this test will trigger the crash.
I'm pretty sure there's nothing much more you can do here. It's definitely better than nothing and tools like Valgrind should catch the errors.
Thanks.