author | Kristian Monsen <kristianm@google.com> | 2011-01-13 14:27:10 +0000 |
---|---|---|
committer | Kristian Monsen <kristianm@google.com> | 2011-01-13 14:30:40 +0000 |
commit | 2affce26ab8f173609de60771c0fbc1ae23a6126 (patch) | |
tree | 1103ee7ce54584c4b3bb5e531d42dbd820b1f39d /WebKit/android | |
parent | 06c187aa4a2bbcf7ade9ca809959b5d0a92ec5c6 (diff) | |
Fix for bug 3347616, crash when closing browser with requests in flight
The problem is if a request is just started as the browser (or a tab)
is closed. That can delete the scoped_refptr before the
refcount is increased on the IO thread.
Refcounted objects should not be passed as raw pointers between
threads.
Change-Id: I57a9b30f5fdfef3c6d45b81ea59a61f96b09e6ae
Diffstat (limited to 'WebKit/android')
-rw-r--r-- | WebKit/android/WebCoreSupport/WebRequest.cpp | 10 | ||||
-rw-r--r-- | WebKit/android/WebCoreSupport/WebRequest.h | 3 | ||||
-rw-r--r-- | WebKit/android/WebCoreSupport/WebUrlLoaderClient.cpp | 8 |
3 files changed, 15 insertions, 6 deletions
diff --git a/WebKit/android/WebCoreSupport/WebRequest.cpp b/WebKit/android/WebCoreSupport/WebRequest.cpp
index da84126..9e464c1 100644
--- a/WebKit/android/WebCoreSupport/WebRequest.cpp
+++ b/WebKit/android/WebCoreSupport/WebRequest.cpp
@@ -152,7 +152,13 @@ void WebRequest::appendBytesToUpload(WTF::Vector<char>* data)
 delete data;
 }
-void WebRequest::start(WebRequestContext* context)
+void WebRequest::setRequestContext(WebRequestContext* context)
+{
+ if (m_request)
+ m_request->set_context(context);
+}
+
+void WebRequest::start()
 {
 ASSERT(m_loadState == Created, "Start called on a WebRequest not in CREATED state: (%s)", m_url.c_str());
@@ -168,8 +174,6 @@ void WebRequest::start(WebRequestContext* context)
 if (m_request->url().SchemeIs("browser"))
 return handleBrowserURL(m_request->url());
- m_request->set_context(context);
-
 m_request->Start();
 }
diff --git a/WebKit/android/WebCoreSupport/WebRequest.h b/WebKit/android/WebCoreSupport/WebRequest.h
index c3c5ec0..e896284 100644
--- a/WebKit/android/WebCoreSupport/WebRequest.h
+++ b/WebKit/android/WebCoreSupport/WebRequest.h
@@ -66,7 +66,8 @@ public:
 void appendBytesToUpload(Vector<char>* data);
 void appendFileToUpload(const std::string& filename);
- void start(WebRequestContext*);
+ void setRequestContext(WebRequestContext* context);
+ void start();
 void cancel();
 // From URLRequest::Delegate
diff --git a/WebKit/android/WebCoreSupport/WebUrlLoaderClient.cpp b/WebKit/android/WebCoreSupport/WebUrlLoaderClient.cpp
index 02f4139..596128a 100644
--- a/WebKit/android/WebCoreSupport/WebUrlLoaderClient.cpp
+++ b/WebKit/android/WebCoreSupport/WebUrlLoaderClient.cpp
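Review bot: `WebRequest::setRequestContext` has no state check, unlike `start()` right below it, which asserts `m_loadState == Created`. The setter writes to `m_request` from the caller's thread, so it is presumably only safe before the start task has been posted; a later call would touch the request while the IO thread may be using it. The `if (m_request)` guard also means a null `m_request` silently leaves the request without a context. Consider opening the function with `ASSERT(m_loadState == Created, "setRequestContext called on a WebRequest not in CREATED state: (%s)", m_url.c_str());`. The body of `start()` continues outside this hunk.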
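Review bot: The new `setRequestContext` declaration in WebRequest.h has no comment saying when it may be called, and splitting it from `start()` turns the call order into a contract that every caller has to know. A comment above the declaration, for example `// Call on the creating thread, before start() is posted to the IO thread.`, would record that next to the API. The class declaration starts and ends outside this hunk.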
@@ -167,7 +167,8 @@ bool WebUrlLoaderClient::start(bool sync, WebRequestContext* context)
 m_sync = sync;
 if (m_sync) {
 AutoLock autoLock(*syncLock());
- thread->message_loop()->PostTask(FROM_HERE, NewRunnableMethod(m_request.get(), &WebRequest::start, context));
+ m_request->setRequestContext(context);
+ thread->message_loop()->PostTask(FROM_HERE, NewRunnableMethod(m_request.get(), &WebRequest::start));
 // Run callbacks until the queue is exhausted and m_finished is true.
 while(!m_finished) {
@@ -186,7 +187,10 @@ bool WebUrlLoaderClient::start(bool sync, WebRequestContext* context)
 m_resourceHandle = 0;
 } else {
 // Asynchronous start.
- thread->message_loop()->PostTask(FROM_HERE, NewRunnableMethod(m_request.get(), &WebRequest::start, context));
+ // Important to set this before the thread starts so it has a reference and can't be deleted
+ // before the task starts running on the IO thread.
+ m_request->setRequestContext(context);
+ thread->message_loop()->PostTask(FROM_HERE, NewRunnableMethod(m_request.get(), &WebRequest::start));
 }
 return true;
 }
|
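Review bot: The call `m_request->setRequestContext(context);` and its ordering requirement are repeated in the synchronous branch (this hunk) and the asynchronous branch (the hunk at -186), but only the asynchronous one explains why the order matters. Making the call once, directly above `if (m_sync) {` and with the comment attached, would keep the lifetime invariant in a single place where a later edit cannot drop it from one path. The comment would be more exact as `// Set the context before posting the task so the request holds a reference to it until start() runs on the IO thread.`, since the visible code posts a task rather than starting a thread. `WebUrlLoaderClient::start` begins and ends outside both hunks, so whether `context` can be null at this point is not visible here.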