Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, thread-unsafe objects can not be safely deleted under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behavior. Review-Url: https://codereview.chromium.org/2657283002 Cr-Commit-Position: refs/heads/master@{#446920}
diff --git a/base/sequenced_task_runner.h b/base/sequenced_task_runner.h index 0bedf2e..de91bd928 100644 --- a/base/sequenced_task_runner.h +++ b/base/sequenced_task_runner.h
@@ -163,9 +163,7 @@ template <typename T> void operator()(const T* ptr) { - if (task_runner_->RunsTasksOnCurrentThread()) - delete ptr; - else if (ptr) + if (ptr) task_runner_->DeleteSoon(FROM_HERE, ptr); }