From d1f25a8a55bba56cdfbe6275a04028e5f85d6bda Mon Sep 17 00:00:00 2001
From: Derek Sollenberger
Date: Wed, 9 Mar 2011 11:21:07 -0500
Subject: Prevent double deletion when timer callback causes plugin to be deleted.
bug: 4040002
Change-Id: I9e85db08805561109fdb1d270c018d7308bef5cf
---
 WebKit/android/plugins/PluginTimer.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
 (limited to 'WebKit')
diff --git a/WebKit/android/plugins/PluginTimer.cpp b/WebKit/android/plugins/PluginTimer.cpp
index 9ed6a80..dfa7272 100644
--- a/WebKit/android/plugins/PluginTimer.cpp
+++ b/WebKit/android/plugins/PluginTimer.cpp
@@ -71,7 +71,12 @@ namespace WebCore {
 if (!m_unscheduled)
 m_timerFunc(m_instance, m_timerID);
- if (!m_repeat || m_unscheduled)
+ // remove the timer if it is a one-shot timer (!m_repeat) or if is a
+ // repeating timer that has been unscheduled. In either case we must
+ // ensure that the refcount is 2 or greater since the PluginTimerList
+ // could have been deleted by the timerFunc and we must ensure that we
+ // do not double delete.
+ if ((!m_repeat || m_unscheduled) && refCount() > 1)
 deref(); // mark the timer for deletion as it is no longer needed
 }
-- cgit v1.1
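Review bot: The new `refCount() > 1` test infers "the PluginTimerList still holds its reference" from a raw count, which is only correct while exactly two owners exist; with any additional reference holder the guard passes after the list is gone and `deref()` releases a reference this code does not own, leaving that holder with a dangling timer. The hunk also reads `m_repeat`, `m_unscheduled` and `refCount()` after `m_timerFunc` has run, which is safe only if a reference is held across the callback; that is not visible here because the enclosing function starts outside the hunk. Once confirmed, I would state the invariant next to the check, e.g. `// a reference taken before m_timerFunc() keeps this alive; a count of 1 means the list already released its own`, or track list ownership with an explicit flag that the list clears when it drops the timer instead of comparing counts. The added comment also has a typo: `or if is a` should read `or if it is a`.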