[Webkit-unassigned] [Bug 119044] [Win] Crash after plugin is unloaded.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 18 10:23:26 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=119044

--- Comment #17 from peavo at outlook.com  2014-07-18 10:23:40 PST ---
(In reply to comment #16)
> (From update of attachment 235126 [details])
> While I'm not familiar with this particular issue, this fix is incorrect. We intentionally do not finalize WeakImpls eagerly. This would be a big regression in GC pause times. 
> 
> It is generally not OK to depend upon finalization of WeakImpls happening within any finite amount of time. The correct solution is probably something along the lines of "don't delete anything that the finalizer depends on until the finalizer runs".

Thanks for reviewing :)

Would it be an acceptable solution to add another virtual method to WeakHandleOwner, say WeakHandleOwner::reaped()?
This method would then be called from WeakBlock::reap(), and WebCore::RootObject would override it, and invalidate the runtime object in its implementation.

Alternatively, another solution not involving JSC would be to use a weak pointer to the function pointer table (NPClass), so we don't run the risk of accessing a deleted function pointer table.

What do you think?

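The second option in the comment above, a finalizer that only holds a weak reference to the plugin's function table, as an added illustration that is not WebKit code: `NPClass`, `Plugin`, `FinalizerQueue` and `registerRuntimeObject` are constructed stand-ins for the real structures, and `FinalizerQueue::reap()` models a GC that drains finalizers at a time of its own choosing.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Constructed stand-in for a plugin's NPClass function-pointer table.
struct NPClass {
    int (*invalidateCount)(int);
};
static int countInvalidate(int n) { return n + 1; }

// Stand-in for WeakBlock::reap(): finalizers run whenever the GC gets to
// them, which may be long after the plugin library has been unloaded.
struct FinalizerQueue {
    std::vector<std::function<void()>> pending;
    void reap() {
        auto batch = std::move(pending);
        pending.clear();
        for (auto& f : batch) f();
    }
};

// The plugin owns its table through a shared_ptr; unload() drops that
// strong reference. Anything that may outlive the plugin (the finalizer)
// holds only a weak_ptr and must lock() it before use.
struct Plugin {
    std::shared_ptr<NPClass> npClass = std::make_shared<NPClass>(NPClass{countInvalidate});
    void unload() { npClass.reset(); }
};

// Register a finalizer that invalidates a runtime object via the table.
// A raw NPClass* captured here would be the use-after-free from the bug;
// the weak_ptr either yields a live table or tells us it is already gone.
void registerRuntimeObject(FinalizerQueue& q, const Plugin& plugin, int* invalidated, int* skipped) {
    std::weak_ptr<NPClass> table = plugin.npClass;
    q.pending.push_back([table, invalidated, skipped] {
        if (auto np = table.lock())
            *invalidated = np->invalidateCount(*invalidated);
        else
            ++*skipped;
    });
}

struct Outcome { int invalidated; int skipped; };

// unloadFirst=true is the ordering from the bug report: the plugin is gone
// before the GC reaps. Either ordering must complete without touching freed memory.
Outcome scenario(bool unloadFirst) {
    FinalizerQueue q; Plugin plugin; Outcome o{0, 0};
    registerRuntimeObject(q, plugin, &o.invalidated, &o.skipped);
    if (unloadFirst) plugin.unload();
    q.reap();
    if (!unloadFirst) plugin.unload();
    return o;
}
```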