diff options
| author | huanr@chromium.org <huanr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-07 00:37:01 +0000 |
|---|---|---|
| committer | huanr@chromium.org <huanr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-07 00:37:01 +0000 |
| commit | 95284326ea69903454907a200ad43ec41d158105 (patch) | |
| tree | 94b490c3fbb265adb2da045891ad33aae85c827e /chrome/common/ref_counted_util.h | |
| parent | c2edee81c21facd6d752a00997282946389d1984 (diff) | |
| download | chromium_src-95284326ea69903454907a200ad43ec41d158105.zip chromium_src-95284326ea69903454907a200ad43ec41d158105.tar.gz chromium_src-95284326ea69903454907a200ad43ec41d158105.tar.bz2 | |
Fix a memory error when a timer task deleles its
original timer in the receiver method. This happens
in the events of following sequence:
- A TimerTask is created on message loop
- When TimerTask::Run is called, it nullifies
timer_->delayed_task.
- The receiver method is dispatched, and inside
the method, the timer_ is deleted. Since
timer_->delayed_task being null, the timer_
destructor will not orphan the task.
- After the method is returned, message loop
deletes the task which will deref the
dangling pointer to timer_.
I also tried to add a unit test to this. The best
I can come up with is making the test process
crash/fail in full page heap or purify environment.
BUG=1570948
Review URL: http://codereview.chromium.org/20111
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9368 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/ref_counted_util.h')
0 files changed, 0 insertions, 0 deletions