net: fix two small issues with DnsRRResolver

1) Cache hits resulted in a memory leak. RRResolverHandles didn't delete themselves so, in the event of a cache hit, when a runnable method calling Post() was used, they would never be deleted. 2) It was possible to delete a lock which was still locked, causing a possible memory leak, depending on the implementation of pthread mutexes. BUG=57456 TEST=net_unittests http://codereview.chromium.org/3531006/show git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61136 0039d316-1c4b-4281-b951-d872f2087c98
author: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-10-01 01:08:58 +0000
committer: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-10-01 01:08:58 +0000
commit: f6bf4677890bf65151521f1bbec72d8e77290a67 (patch)
tree: e79eb4874de8889085a3d95aa4b93b94aab00c44 /net/base/dnsrr_resolver.cc
parent: ecc166dd8f1bd5bcbf39c868cc4dd7f5ca2de634 (diff)
download: chromium_src-f6bf4677890bf65151521f1bbec72d8e77290a67.zip
chromium_src-f6bf4677890bf65151521f1bbec72d8e77290a67.tar.gz
chromium_src-f6bf4677890bf65151521f1bbec72d8e77290a67.tar.bz2
1 files changed, 10 insertions, 5 deletions
diff --git a/net/base/dnsrr_resolver.cc b/net/base/dnsrr_resolver.cc
index 9401658..0eac805 100644
--- a/net/base/dnsrr_resolver.cc
+++ b/net/base/dnsrr_resolver.cc
@@ -113,6 +113,7 @@ class RRResolverHandle {
     if (response_ && response)
       *response_ = *response;
     callback_->Run(rv);
+    delete this;
   }
 
  private:
@@ -268,10 +269,14 @@ class RRResolverWorker {
   // DoReply runs on the origin thread.
   void DoReply() {
     DCHECK_EQ(MessageLoop::current(), origin_loop_);
-    // No locking here because, since the worker thread part of the lookup is
-    // complete, only one thread can access this object now.
-    if (!canceled_)
-      dnsrr_resolver_->HandleResult(name_, rrtype_, result_, response_);
+    {
+      // We lock here because the worker thread could still be in Finished,
+      // after the PostTask, but before unlocking |lock_|. In this case, we end
+      // up deleting a locked Lock, which can lead to memory leaks.
+      AutoLock locked(lock_);
+      if (!canceled_)
+        dnsrr_resolver_->HandleResult(name_, rrtype_, result_, response_);
+    }
     delete this;
   }
 
@@ -581,7 +586,7 @@ class RRResolverJob {
     for (std::vector<RRResolverHandle*>::iterator
          i = handles.begin(); i != handles.end(); i++) {
       (*i)->Post(result, response);
-      delete *i;
+      // Post() causes the RRResolverHandle to delete itself.
     }
   }
author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-10-01 01:08:58 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-10-01 01:08:58 +0000
commit	f6bf4677890bf65151521f1bbec72d8e77290a67 (patch)
tree	e79eb4874de8889085a3d95aa4b93b94aab00c44 /net/base/dnsrr_resolver.cc
parent	ecc166dd8f1bd5bcbf39c868cc4dd7f5ca2de634 (diff)
download	chromium_src-f6bf4677890bf65151521f1bbec72d8e77290a67.zip chromium_src-f6bf4677890bf65151521f1bbec72d8e77290a67.tar.gz chromium_src-f6bf4677890bf65151521f1bbec72d8e77290a67.tar.bz2