[Webkit-unassigned] [Bug 51115] Crash in web process after the connection had been closed
bugzilla-daemon at webkit.org
Thu Jan 6 02:05:55 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=51115
--- Comment #15 from Balazs Kelemen <kbalazs at webkit.org> 2011-01-06 02:05:55 PST ---
I should refine my opinion about using atomic here.
This is not enough in the following situation:
    {
        Client* client = ATOMIC_READ(m_client);
        if (!client)
            return;
        --> Right now the listener thread invalidates the connection.
        --> After that the client is allowed to be destructed so we can end up
        --> accessing a deleted object in the following line.
        client->didCloseOnConnectionWorkQueue(&m_connectionQueue, this);
    }
So the didClose... call should be in a mutually excluded block.
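The mutually excluded block that the comment above asks for, as an added example that is not part of the original message and is not WebKit code. The Client and Connection types, the m_clientLock member and the method names are hypothetical stand-ins; the point is that the null check and the callback share one critical section with the invalidation.

```cpp
#include <mutex>

// Hypothetical stand-in for the client object named in the comment above.
struct Client {
    int closedCalls = 0;
    void didClose() { ++closedCalls; }
};

class Connection {
public:
    explicit Connection(Client* client) : m_client(client) {}

    // Listener-thread side. Once this returns, no callback is running or can
    // start, so the owner may destroy the Client.
    void invalidate() {
        std::lock_guard<std::mutex> lock(m_clientLock);
        m_client = nullptr;
    }

    // Work-queue side. The null check and the call form one critical section,
    // so invalidate() cannot slip in between them.
    bool dispatchDidClose() {
        std::lock_guard<std::mutex> lock(m_clientLock);
        if (!m_client)
            return false;
        m_client->didClose(); // runs under the lock: must not call invalidate()
        return true;
    }

private:
    std::mutex m_clientLock;
    Client* m_client; // guarded by m_clientLock
};

// Constructed scenario: returns how many callbacks reached the client when
// dispatch is attempted once before and once after invalidation.
int deliveredAroundInvalidate() {
    Client* client = new Client;
    Connection connection(client);
    connection.dispatchDidClose();   // delivered
    connection.invalidate();
    int delivered = client->closedCalls;
    delete client;                   // safe: the connection no longer holds it
    connection.dispatchDidClose();   // returns false, no dereference
    return delivered;
}
```

Because the callback runs while the lock is held, it must not re-enter invalidate() on the same connection, or it will deadlock on the non-recursive mutex.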