Closed
Bug 507255
Opened 15 years ago
Closed 15 years ago
Fragment::onDestroy can cause double-deletes
Categories
(Tamarin Graveyard :: Virtual Machine, defect)
Tamarin Graveyard
Virtual Machine
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: stejohns, Unassigned)
Details
Attachments
(1 file)
|
1.02 KB,
patch
|
rreitmai
:
review+
edwsmith
:
superreview+
|
Details | Diff | Splinter Review |
Fragment::onDestroy is called exclusively from ~Fragment. Since Fragment is a GCFinalizedObject, this means that it is called only if: (a) the heap is being swept, or (b) we have been explicitly deleted. HOWEVER: LirBuffer is also a GCFinalizedObject. Thus, for case (a), lirbuf might have been finalized before us, so we MUST NOT explicitly delete it here, because that could cause a double-delete, which can lead to many amusing problems. Instead, we will do nothing here, and in the (rare) case (b), lirbuf will simply be collected in due course.
Attachment #391456 -
Flags: superreview?(edwsmith)
Attachment #391456 -
Flags: review?(rreitmai)
|
||
Comment 1•15 years ago
|
||
Comment on attachment 391456 [details] [diff] [review] Patch Fine for now since mem mgt is being reworked in bug #506390 You might want to set lirbuf = 0 in the onDestroy to help the gc out a bit.
Attachment #391456 -
Flags: review?(rreitmai) → review+
|
Reporter | |
Comment 2•15 years ago
|
||
pushed (with suggested change) as changeset: 2271:c62fa72c6344
|
||
Comment 3•15 years ago
|
||
Comment on attachment 391456 [details] [diff] [review] Patch onDestroy() is slated for gutting anyway with upcoming changes that turn Fragment and LirBuffer into arena-allocated objects.
Attachment #391456 -
Flags: superreview?(edwsmith) → superreview+
|
|
Reporter | |
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Comment 4•15 years ago
|
||
Resolved fixed engineering / work item that has been pushed. Setting status to verified.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•