| commit | 8446b33c7ea20bd1596f876ab225034b7c5d1162 | |
| author | hiroshige <hiroshige@chromium.org> | |
| Mon, 22 Dec 2014 05:45:01 +0000 (21 21:45 -0800) | ||
| committer | Commit bot <commit-bot@chromium.org> | |
| Mon, 22 Dec 2014 05:45:50 +0000 (22 05:45 +0000) | ||
| tree | c790f526371427faab38766d2820b467b4414b58 | treesnapshot (tar.gz zip) |
| parent | 4e1fa4a8270c2180ce929db07991cc3f69e4a4d6 | commitdiff |
[Thread-safe] Apply base::Passed to WebThread::Task
WebThread::Task can contain RefPtr to a thread-unsafe-reference-counted object
(e.g. WorkerThreadTask can contain RefPtr to WebKit's StringImpl).
This caused a race condition:
[A] When WebThread::Task::run is executed, more RefPtr's to the refcounted
object can be created and the reference counter of the object can be
modified via these RefPtr's (as intended) on the thread where the task
is executed.
[B] However, base::Closure still retains the ownership of WebThread::Task
even after WebThread::Task::run is called.
When base::Closure is deleted, WebThread::Task is deleted and the
reference counter of the object is decreased by one, possibly from a
different thread from [A], which is a race condition.
This CL removes the ownership of WebThread::Task from base::Closure after
WebThread::Task::run is executed by using scoped_ptr and base::Passed.
This removes the reference counter modification of [B] and hence removes the
race condition.
BUG=390851
Review URL: https://codereview.chromium.org/807423002
Cr-Commit-Position: refs/heads/master@{#309396}
WebThread::Task can contain RefPtr to a thread-unsafe-reference-counted object
(e.g. WorkerThreadTask can contain RefPtr to WebKit's StringImpl).
This caused a race condition:
[A] When WebThread::Task::run is executed, more RefPtr's to the refcounted
object can be created and the reference counter of the object can be
modified via these RefPtr's (as intended) on the thread where the task
is executed.
[B] However, base::Closure still retains the ownership of WebThread::Task
even after WebThread::Task::run is called.
When base::Closure is deleted, WebThread::Task is deleted and the
reference counter of the object is decreased by one, possibly from a
different thread from [A], which is a race condition.
This CL removes the ownership of WebThread::Task from base::Closure after
WebThread::Task::run is executed by using scoped_ptr and base::Passed.
This removes the reference counter modification of [B] and hence removes the
race condition.
BUG=390851
Review URL: https://codereview.chromium.org/807423002
Cr-Commit-Position: refs/heads/master@{#309396}
| content/child/webthread_impl.cc | diffblobblamehistory |