| commit | 7ecee444661e8b855c15171615d68162602c39fa | |
| author | reillyg <reillyg@chromium.org> | |
| Mon, 10 Aug 2015 22:18:54 +0000 (10 15:18 -0700) | ||
| committer | Commit bot <commit-bot@chromium.org> | |
| Mon, 10 Aug 2015 22:19:15 +0000 (10 22:19 +0000) | ||
| tree | 9925d431f307f24662188b697d96fb737859ccd8 | treesnapshot (tar.gz zip) |
| parent | 0d4bec77cfc8007f75f82a0047b2754a3a788f7b | commitdiff |
Remove "delete this" pattern from UsbContext completely.
This change fixes a much rarer possible use-after-free on USB context
shutdown than commit 3219ab0a9caf806b6dda0fe970869735726a5481. If there
is an event that wakes up the event loop thread after running_ is set to
false then the context could be freed before the attempt to wake it up
with libusb_interrupt_handle_event() is made, instead signaling a freed
object.
This change instead makes it the responsibility of UsbContext to free
the UsbEventHandler once its thread has been joined.
BUG=518749
R=rockot@chromium.org
Review URL: https://codereview.chromium.org/1281373002
Cr-Commit-Position: refs/heads/master@{#342711}
This change fixes a much rarer possible use-after-free on USB context
shutdown than commit 3219ab0a9caf806b6dda0fe970869735726a5481. If there
is an event that wakes up the event loop thread after running_ is set to
false then the context could be freed before the attempt to wake it up
with libusb_interrupt_handle_event() is made, instead signaling a freed
object.
This change instead makes it the responsibility of UsbContext to free
the UsbEventHandler once its thread has been joined.
BUG=518749
R=rockot@chromium.org
Review URL: https://codereview.chromium.org/1281373002
Cr-Commit-Position: refs/heads/master@{#342711}
| device/usb/usb_context.cc | diffblobblamehistory | |
| device/usb/usb_context.h | diffblobblamehistory |