Google Git
Sign in
chromium / chromium / src / b1dda104f92db54ab30dfb2912d9d552bc5e0073
commitb1dda104f92db54ab30dfb2912d9d552bc5e0073[log] [tgz]
authortzik <tzik@chromium.org>Wed Jul 25 16:40:57 2018
committerCommit Bot <commit-bot@chromium.org>Wed Jul 25 16:40:57 2018
tree7ceac5a94ed9dafb0c3efd05ec6649f211dde7dc
parent0f60eb2885fe4582afaf2a5879338aebda2f69ed [diff]
Avoid touching NestedSubscription's ref count before it's fully constructed

NestedSubscription is a ref-counted object, and its first reference used to
be made by base::BindOnce in its constructor. The reference is passed to
another thread, and released when the callback instance is destroyed.

However, if the PostTask failed or the posted task ran soon before the
constructor finished to construct the NestedSubscription instance, the
ref count is decremented to 0, and `new NestedSubscription` may return
a stale pointer.

This CL adds a static constructor to avoid that by splitting the ref-count
related set up out of the constructor.

Bug: 866456
Change-Id: Idf03b31b95b4a7ddee81fdebff78a594e52a62f8
Reviewed-on: https://chromium-review.googlesource.com/1149762
Reviewed-by: Richard Coles <torne@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#577933}
1 file changed
tree: 7ceac5a94ed9dafb0c3efd05ec6649f211dde7dc
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blink/
  6. build/
  7. build_overrides/
  8. cc/
  9. chrome/
  10. chrome_elf/
  11. chromecast/
  12. chromeos/
  13. cloud_print/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. mash/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. services/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. testing/
  48. third_party/
  49. tools/
  50. ui/
  51. url/
  52. webrunner/
  53. .clang-format
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .vpython
  60. AUTHORS
  61. BUILD.gn
  62. CODE_OF_CONDUCT.md
  63. codereview.settings
  64. DEPS
  65. ENG_REVIEW_OWNERS
  66. LICENSE
  67. LICENSE.chromium_os
  68. OWNERS
  69. PRESUBMIT.py
  70. PRESUBMIT_test.py
  71. PRESUBMIT_test_mocks.py
  72. README.md
  73. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .