diff options
| author | tommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-14 20:31:55 +0000 |
|---|---|---|
| committer | tommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-14 20:31:55 +0000 |
| commit | 77d7aeebd314325c40d602bdaffe9342e3f4e29e (patch) | |
| tree | 803526d79f6418adc12b6a9cf3fc66bf02bd9907 /chrome_frame/bind_status_callback_impl.cc | |
| parent | 29d6f5f2b19477cfef438f3e4a6ba762da6c7f25 (diff) | |
| download | chromium_src-77d7aeebd314325c40d602bdaffe9342e3f4e29e.zip chromium_src-77d7aeebd314325c40d602bdaffe9342e3f4e29e.tar.gz chromium_src-77d7aeebd314325c40d602bdaffe9342e3f4e29e.tar.bz2 | |
Candidate fix for bug 44108. The FromBindContext function was inherently racy as it returned a pointer to a non-addrefed pointer and the AddRef/Release implementation in the BindContextInfo was not thread safe.
Also fixed BSCBStorageBind object leak.
TEST=See bug description
BUG=44108
Review URL: http://codereview.chromium.org/2080005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47306 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/bind_status_callback_impl.cc')
| -rw-r--r-- | chrome_frame/bind_status_callback_impl.cc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/chrome_frame/bind_status_callback_impl.cc b/chrome_frame/bind_status_callback_impl.cc index 91a8424..3b7ff04 100644 --- a/chrome_frame/bind_status_callback_impl.cc +++ b/chrome_frame/bind_status_callback_impl.cc @@ -44,12 +44,19 @@ HRESULT BSCBImpl::AttachToBind(IBindCtx* bind_ctx) { } HRESULT BSCBImpl::ReleaseBind() { + // AddRef ourselves while we release these objects as we might + // perish during this operation. + AddRef(); + HRESULT hr = S_OK; if (bind_ctx_) { hr = ::RevokeBindStatusCallback(bind_ctx_, this); } delegate_.Release(); bind_ctx_.Release(); + + Release(); + return hr; } |