[Webkit-unassigned] [Bug 67582] Calling nativeImageForCurrentFrame() causes assertion failure: m_verifier.isSafeToUse()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 6 13:35:19 PDT 2011


--- Comment #3 from David Levin <levin at chromium.org>  2011-09-06 13:35:19 PST ---
(In reply to comment #2)
> I think the right question for us is what is the design. What is supposed to make this threadsafe?

There are two comments in the code to indicate the design:
1. From IconDatabase.h,  "Holding m_urlAndIconLock is required when accessing any of the following data structures or the objects they contain". This includes the data that is refcounted in this callstack. The lock is not held so the assert is correct in that sense.

2. In  IconDatabase::synchronousIconForPageURL, there is a comment which starts with "PARANOID DISCUSSION" (added here http://trac.webkit.org/changeset/25439/trunk/WebCore/loader/icon/IconDatabase.cpp). It has a long explanation about why returning Image* is ok. I don't think it considered platforms which did ref counting of the guts of these structures.

In short, I believe this is real a bug.

At a high level the appropriate fix would be to lock m_urlAndIconLock when accessing the SharedBuffer or for synchronousIconForPageURL to return a PassRefPtr which isn't shared across threads..

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list