diff options
| author | jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-10 01:04:48 +0000 |
|---|---|---|
| committer | jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-10 01:04:48 +0000 |
| commit | 18bdd9f5eb65b0979fe6ef610aeede9bc32b1e5a (patch) | |
| tree | 98b04a0f1e64dcdcbad7123e7dcce49d7cc93546 /chrome | |
| parent | f5857bc22887f8bffe9fb3135768aa0286a927eb (diff) | |
| download | chromium_src-18bdd9f5eb65b0979fe6ef610aeede9bc32b1e5a.zip chromium_src-18bdd9f5eb65b0979fe6ef610aeede9bc32b1e5a.tar.gz chromium_src-18bdd9f5eb65b0979fe6ef610aeede9bc32b1e5a.tar.bz2 | |
Fix another race condition on worker process shutdown that results in use-after-free. Like 23018, this is happening because valgrind is slowing the worker thread shutdown enough that the backup terminate process code executes.
BUG=24346
TEST=covered by valgrind
Review URL: http://codereview.chromium.org/266036
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@28646 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/renderer/webworker_proxy.cc | 3 | ||||
| -rw-r--r-- | chrome/renderer/webworker_proxy.h | 1 | ||||
| -rw-r--r-- | chrome/worker/nativewebworker_impl.cc | 3 | ||||
| -rw-r--r-- | chrome/worker/nativewebworker_impl.h | 1 | ||||
| -rw-r--r-- | chrome/worker/webworkerclient_proxy.cc | 1 |
5 files changed, 9 insertions, 0 deletions
diff --git a/chrome/renderer/webworker_proxy.cc b/chrome/renderer/webworker_proxy.cc index b350470..3932d6e 100644 --- a/chrome/renderer/webworker_proxy.cc +++ b/chrome/renderer/webworker_proxy.cc @@ -97,6 +97,9 @@ void WebWorkerProxy::workerObjectDestroyed() { delete this; } +void WebWorkerProxy::clientDestroyed() { +} + bool WebWorkerProxy::Send(IPC::Message* message) { // It's possible that postMessage is called before the worker is created, in // which case route_id_ will be none. Or the worker object can be interacted diff --git a/chrome/renderer/webworker_proxy.h b/chrome/renderer/webworker_proxy.h index d47f3fb..8c53a67 100644 --- a/chrome/renderer/webworker_proxy.h +++ b/chrome/renderer/webworker_proxy.h @@ -38,6 +38,7 @@ class WebWorkerProxy : public WebKit::WebWorker, const WebKit::WebString& message, const WebKit::WebMessagePortChannelArray& channel_array); virtual void workerObjectDestroyed(); + virtual void clientDestroyed(); // IPC::Channel::Listener implementation. void OnMessageReceived(const IPC::Message& message); diff --git a/chrome/worker/nativewebworker_impl.cc b/chrome/worker/nativewebworker_impl.cc index 1383e63..58a5c07 100644 --- a/chrome/worker/nativewebworker_impl.cc +++ b/chrome/worker/nativewebworker_impl.cc @@ -164,3 +164,6 @@ void NativeWebWorkerImpl::postMessageToWorkerContext( void NativeWebWorkerImpl::workerObjectDestroyed() { } + +void NativeWebWorkerImpl::clientDestroyed() { +} diff --git a/chrome/worker/nativewebworker_impl.h b/chrome/worker/nativewebworker_impl.h index 29d85c9..2407136 100644 --- a/chrome/worker/nativewebworker_impl.h +++ b/chrome/worker/nativewebworker_impl.h @@ -31,6 +31,7 @@ class NativeWebWorkerImpl : public WebKit::WebWorker { const WebKit::WebString& message, const WebKit::WebMessagePortChannelArray& channels); void workerObjectDestroyed(); + void clientDestroyed(); private: WebKit::WebWorkerClient* client_; diff --git a/chrome/worker/webworkerclient_proxy.cc b/chrome/worker/webworkerclient_proxy.cc index de31734..9fe0870 100644 --- a/chrome/worker/webworkerclient_proxy.cc +++ b/chrome/worker/webworkerclient_proxy.cc @@ -60,6 +60,7 @@ WebWorkerClientProxy::WebWorkerClientProxy(const GURL& url, int route_id) } WebWorkerClientProxy::~WebWorkerClientProxy() { + impl_->clientDestroyed(); WorkerThread::current()->RemoveRoute(route_id_); ChildProcess::current()->ReleaseProcess(); } |