summaryrefslogtreecommitdiffstats
path: root/WebKit
diff options
context:
space:
mode:
authorDerek Sollenberger <djsollen@google.com>2011-03-09 11:21:07 -0500
committerDerek Sollenberger <djsollen@google.com>2011-03-09 11:21:07 -0500
commitd1f25a8a55bba56cdfbe6275a04028e5f85d6bda (patch)
tree093382d49b7452ae0524c41ae3ff8c8bf2da6b9d /WebKit
parent24b320d351369a76f0bf7ac2bad37f5dfd4681cd (diff)
downloadexternal_webkit-d1f25a8a55bba56cdfbe6275a04028e5f85d6bda.zip
external_webkit-d1f25a8a55bba56cdfbe6275a04028e5f85d6bda.tar.gz
external_webkit-d1f25a8a55bba56cdfbe6275a04028e5f85d6bda.tar.bz2
Prevent double deletion when timer callback causes plugin to be deleted.
bug: 4040002 Change-Id: I9e85db08805561109fdb1d270c018d7308bef5cf
Diffstat (limited to 'WebKit')
-rw-r--r--WebKit/android/plugins/PluginTimer.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/WebKit/android/plugins/PluginTimer.cpp b/WebKit/android/plugins/PluginTimer.cpp
index 9ed6a80..dfa7272 100644
--- a/WebKit/android/plugins/PluginTimer.cpp
+++ b/WebKit/android/plugins/PluginTimer.cpp
@@ -71,7 +71,12 @@ namespace WebCore {
if (!m_unscheduled)
m_timerFunc(m_instance, m_timerID);
- if (!m_repeat || m_unscheduled)
+ // remove the timer if it is a one-shot timer (!m_repeat) or if is a
+ // repeating timer that has been unscheduled. In either case we must
+ // ensure that the refcount is 2 or greater since the PluginTimerList
+ // could have been deleted by the timerFunc and we must ensure that we
+ // do not double delete.
+ if ((!m_repeat || m_unscheduled) && refCount() > 1)
deref(); // mark the timer for deletion as it is no longer needed
}