diff options
| author | Steve Block <steveblock@google.com> | 2010-03-03 16:54:11 +0000 |
|---|---|---|
| committer | Steve Block <steveblock@google.com> | 2010-03-03 17:18:29 +0000 |
| commit | c673307a350b51d77dc3fdf76845064a44c6616c (patch) | |
| tree | a863b8c511a0a682a8e7b7c160ec74bda5256b54 /WebKit/android/jni/WebCoreFrameBridge.h | |
| parent | 60aebe4c6428cce670cda380ae44c26711e9d56b (diff) | |
| download | external_webkit-c673307a350b51d77dc3fdf76845064a44c6616c.zip external_webkit-c673307a350b51d77dc3fdf76845064a44c6616c.tar.gz external_webkit-c673307a350b51d77dc3fdf76845064a44c6616c.tar.bz2 | |
Fixes a crash in WeakJavaInstance
WeakJavaInstance is a wrapper around JavaInstance. Outside of calls to
virtualBegin/virtualEnd, it replaces the strong reference to the Java instance
held by JavaInstance with a weak reference. This is to break circular references
and allow the Java instance to be garbage collected.
The code does not handle correctly the case where multiple calls are made to
virtualBegin before corresponding calls to virtualEnd. virtualBegin caches the
current instance as _weakRef. However, if virtualBegin has already been called,
the current instance is now a strong reference, and this overwrites _weakRef.
When virtualEnd is called, the instance is not restored to the weak reference. In
the WeakJavaInstance destructor, we try to restore the strong reference from the
weak reference, but this has already been deleted, causing the VM to abort.
This patch fixes the problem by returning early from virtualBegin and virtualEnd
when unmatched calls to virtualBegin have already been made.
Also fixes some style issues.
Bug: 2485164
Change-Id: I2b22a849af10e377525a3da215ca91e611d892d0
Diffstat (limited to 'WebKit/android/jni/WebCoreFrameBridge.h')
0 files changed, 0 insertions, 0 deletions