chromium_src.git - central chromium sources

diff options

author	simonjam@chromium.org <simonjam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-01-30 20:57:27 +0000
committer	simonjam@chromium.org <simonjam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-01-30 20:57:27 +0000
commit	c940b7c4d7d6daab56ba8604979df1aef382e4e2 (patch)
tree	683ee9cf43fe11a940516aa1697555dbd9d0c26c /chrome/browser/browser_about_handler.h
parent	c242ced5b31013647094b646322149dde45460c8 (diff)
download	chromium_src-c940b7c4d7d6daab56ba8604979df1aef382e4e2.zip chromium_src-c940b7c4d7d6daab56ba8604979df1aef382e4e2.tar.gz chromium_src-c940b7c4d7d6daab56ba8604979df1aef382e4e2.tar.bz2

Disconnect pipeline socket immediately on Close(true) while a Read*() is pending.

This is a speculative fix for bug 105320. The chain of events that could tickle this is: 1. A HttpNetworkTransaction is canceled while a Read is blocked. 2. When the transaction is deleted: - It calls HttpPipelinedStream::Close(true), which queues tasks to evict the other streams on the pipeline. - It deletes the HttpPipelinedStream, which deletes the active HttpStreamParser. 4. The response has already arrived and is already on the message queue. It runs and tries to callback to the deleted HttpStreamParser. We likely crash. 5. The eviction tasks run and delete their streams, which allows the HttpPipelinedConnectionImpl destructor to run, which closes the socket. BUG=105320 TEST=net_unittests Review URL: http://codereview.chromium.org/9223033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119728 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'chrome/browser/browser_about_handler.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: