Title: [118306] releases/WebKitGTK/webkit-1.8/Source/WebCore
Revision: 118306
Author: [email protected]
Date: 2012-05-23 19:18:22 -0700 (Wed, 23 May 2012)

Log Message

Merge 113291 - WorkerEventQueue::close might access deleted WorkerEventQueue::EventDispatcherTask.
https://bugs.webkit.org/show_bug.cgi?id=83202

On closing the event queue, WorkerEventQueue cancels all the tasks associated with events.
The tasks in turn delete themselves from the map whenever a task gets executed.
However, if shutdown occurs when a task is in the queue but before the task gets executed, the task will be deleted without execution.
This patch makes sure that no deleted tasks stay in WorkerEventQueue, by having the task remove itself in its destructor.

Reviewed by David Levin.

Covered by existing tests.

* workers/WorkerEventQueue.cpp:
(WebCore::WorkerEventQueue::EventDispatcherTask::~EventDispatcherTask):
(WorkerEventQueue::EventDispatcherTask):
(WebCore::WorkerEventQueue::EventDispatcherTask::performTask):

Diff

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog (118305 => 118306)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-05-24 02:08:49 UTC (rev 118305)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-05-24 02:18:22 UTC (rev 118306)
@@ -1,3 +1,22 @@
+2012-04-04  Dmitry Lomov  <[email protected]>
+
+        WorkerEventQueue::close might access deleted WorkerEventQueue::EventDispatcherTask.
+        https://bugs.webkit.org/show_bug.cgi?id=83202
+
+        On closing the event queue, WorkerEventQueue cancels all the tasks associated with events.
+        The tasks in their turn delete themselves from the map whenever task gets executed.
+        However if shutdown occurs when task is in queue but before task gets executed, the task will be deleted without execution.
+        This patch makes sure that no deleted tasks stay in WorkerEventQueue, by task removing itself in destructor.
+
+        Reviewed by David Levin.
+
+        Covered by existing tests.
+
+        * workers/WorkerEventQueue.cpp:
+        (WebCore::WorkerEventQueue::EventDispatcherTask::~EventDispatcherTask):
+        (WorkerEventQueue::EventDispatcherTask):
+        (WebCore::WorkerEventQueue::EventDispatcherTask::performTask):
+
 2012-04-04  Simon Fraser  <[email protected]>
 
         https://bugs.webkit.org/show_bug.cgi?id=82994
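
Review bot: The new entry does not say that it is a merge: it is dated 2012-04-04 and cites only the original bug, while the revision log calls this "Merge 113291". A "Merge 113291" line at the top of the entry would let someone reading the release-branch ChangeLog trace it back to the trunk revision. The function list also names (WorkerEventQueue::EventDispatcherTask): with no description, and the WorkerEventQueue.cpp diff shows changes only to the destructor and one method body, so either describe that item or drop it.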

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/workers/WorkerEventQueue.cpp (118305 => 118306)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/workers/WorkerEventQueue.cpp	2012-05-24 02:08:49 UTC (rev 118305)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/workers/WorkerEventQueue.cpp	2012-05-24 02:18:22 UTC (rev 118306)
@@ -58,6 +58,12 @@
         return adoptPtr(new EventDispatcherTask(event, eventQueue));
     }
 
+    virtual ~EventDispatcherTask()
+    {
+        if (m_event)
+            m_eventQueue->removeEvent(m_event.get());
+    }
+
     void dispatchEvent(ScriptExecutionContext*, PassRefPtr<Event> event)
     {
         event->target()->dispatchEvent(event);
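
Review bot: The new destructor dereferences m_eventQueue unconditionally whenever m_event is still set, so it is only safe if the WorkerEventQueue is guaranteed to outlive every task that has not yet run, which is exactly the shutdown case this change targets. Nothing in the hunk shows that guarantee. State it in a comment above ~EventDispatcherTask(), or assert it, so that a later change to the queue's teardown order does not turn this removeEvent call into a use of a freed queue.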
@@ -69,6 +75,7 @@
             return;
         m_eventQueue->removeEvent(m_event.get());
         dispatchEvent(context, m_event);
+        m_event.clear();
     }
 
     void cancel()
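
Review bot: The early return; at the top of this hunk leaves m_event set, because m_event.clear() is reached only after dispatchEvent(context, m_event). A task that takes that path will still call m_eventQueue->removeEvent(m_event.get()) from its destructor. If that path is the cancelled case, confirm that cancel() (shown here only as context) clears m_event as well, or that removeEvent is safe to call for an event the queue has already dropped while closing.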
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
