diff options
author | erg@google.com <erg@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-28 00:09:54 +0000 |
---|---|---|
committer | erg@google.com <erg@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-28 00:09:54 +0000 |
commit | 307175443726a8a2a23b99371900812bb020f9a0 (patch) | |
tree | eb5e8f92dee5617aa57f24a88974c76df6bfd43b /base/ref_counted_memory.h | |
parent | 930c7473b7ee905ceec94850034ce4e6fa441ca1 (diff) | |
download | chromium_src-307175443726a8a2a23b99371900812bb020f9a0.zip chromium_src-307175443726a8a2a23b99371900812bb020f9a0.tar.gz chromium_src-307175443726a8a2a23b99371900812bb020f9a0.tar.bz2 |
Speculative fix for crash in DOMUIThumbnailSource.
DOMUIThumbnailSource objects are deleted on the IO thread, while they are used
on the UI thread. The DataSource documentation says that they should not live
on the IO thread, but for almost all DataSources, the only reference held is
the one by ChromeURLDataManager, which lives on the IO thread. Since I had a racy
stack where the object was being used on the UI thread while its destructor was
running on the IO thread, forcing destruction on the UI thread should fix
the crash.
Pretty much everything but changing the templated base class of DataSource to
always DeleteOnUIThread is my usual cleanup.
BUG=34115
TEST=none
Review URL: http://codereview.chromium.org/3061009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53873 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/ref_counted_memory.h')
-rw-r--r-- | base/ref_counted_memory.h | 27 |
1 files changed, 9 insertions, 18 deletions
diff --git a/base/ref_counted_memory.h b/base/ref_counted_memory.h index a5323cd..9ff8335 100644 --- a/base/ref_counted_memory.h +++ b/base/ref_counted_memory.h @@ -1,4 +1,4 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -40,8 +40,8 @@ class RefCountedStaticMemory : public RefCountedMemory { RefCountedStaticMemory(const unsigned char* data, size_t length) : data_(data), length_(length) {} - virtual const unsigned char* front() const { return data_; } - virtual size_t size() const { return length_; } + virtual const unsigned char* front() const; + virtual size_t size() const; private: const unsigned char* data_; @@ -57,24 +57,15 @@ class RefCountedBytes : public RefCountedMemory { // Constructs a RefCountedBytes object by performing a swap. (To non // destructively build a RefCountedBytes, use the constructor that takes a // vector.) - static RefCountedBytes* TakeVector(std::vector<unsigned char>* to_destroy) { - RefCountedBytes* bytes = new RefCountedBytes; - bytes->data.swap(*to_destroy); - return bytes; - } + static RefCountedBytes* TakeVector(std::vector<unsigned char>* to_destroy); - RefCountedBytes() {} + RefCountedBytes(); // Constructs a RefCountedBytes object by _copying_ from |initializer|. - RefCountedBytes(const std::vector<unsigned char>& initializer) - : data(initializer) {} - - virtual const unsigned char* front() const { - // STL will assert if we do front() on an empty vector, but calling code - // expects a NULL. - return size() ? &data.front() : NULL; - } - virtual size_t size() const { return data.size(); } + RefCountedBytes(const std::vector<unsigned char>& initializer); + + virtual const unsigned char* front() const; + virtual size_t size() const; std::vector<unsigned char> data; |