diff options
| author | tsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-16 07:35:55 +0000 |
|---|---|---|
| committer | tsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-16 07:35:55 +0000 |
| commit | a75c45bf1cad925548a75bf88f828443bc8ee27d (patch) | |
| tree | a0b9870e6e0e19ee2fe08ca890b4f2dffb010c74 /webkit/plugins | |
| parent | 5b10056aaaa25602c4a2da627ae1715257ed27dc (diff) | |
| download | chromium_src-a75c45bf1cad925548a75bf88f828443bc8ee27d.zip chromium_src-a75c45bf1cad925548a75bf88f828443bc8ee27d.tar.gz chromium_src-a75c45bf1cad925548a75bf88f828443bc8ee27d.tar.bz2 | |
Break path whereby AssociatedURLLoader::~AssociatedURLLoader() is re-entered on top of itself.
BUG=159429
Review URL: https://chromiumcodereview.appspot.com/11359222
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@168150 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/plugins')
| -rw-r--r-- | webkit/plugins/ppapi/ppb_url_loader_impl.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/webkit/plugins/ppapi/ppb_url_loader_impl.cc b/webkit/plugins/ppapi/ppb_url_loader_impl.cc index 62dd4f4..8c29f7c 100644 --- a/webkit/plugins/ppapi/ppb_url_loader_impl.cc +++ b/webkit/plugins/ppapi/ppb_url_loader_impl.cc @@ -85,6 +85,12 @@ PPB_URLLoader_Impl::PPB_URLLoader_Impl(PP_Instance instance, } PPB_URLLoader_Impl::~PPB_URLLoader_Impl() { + // There is a path whereby the destructor for the loader_ member can + // invoke InstanceWasDeleted() upon this PPB_URLLoader_Impl, thereby + // re-entering the scoped_ptr destructor with the same scoped_ptr object + // via loader_.reset(). Be sure that loader_ is first NULL then destroy + // the scoped_ptr. See http://crbug.com/159429. + scoped_ptr<WebKit::WebURLLoader> for_destruction_only(loader_.release()); } PPB_URLLoader_API* PPB_URLLoader_Impl::AsPPB_URLLoader_API() { |