Closed Bug 1049751 Opened 11 years ago Closed 10 years ago

Crash in PPluginScriptableObjectChild::CallGetParentProperty after being reentered

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: bugzilla, Unassigned)

References

Details

Async Plugin Init makes this pretty easy to reproduce. I noticed that this happens whenever circumstances cause PPluginScriptableObjectChild::CallGetParentProperty to be reentered and each reply to that method returns the same PluginScriptableObjectChild actor as its result. When the first reply is handled and subsequently released by the child, the parent ends up sending __delete__ back to the child because its protect count is 1. By the time the child processes the next reply, the actor corresponding to its ID has been destroyed and we abort. I *think* that the right solution here it to ensure that we always Protect the actor being returned in PluginScriptableObjectParent::AnswerGetParentProperty before returning. As long as that actor's protect count matches the number of reentrant calls that request that actor, we won't crash.
I'm going to mark this as invalid. The Right Thing (TM) to do is to prevent reentry by enqueuing a task.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.