Closed Bug 763013 Opened 13 years ago Closed 13 years ago

Race condition in async stream copier

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla16

People

(Reporter: janv, Assigned: janv)

References

Details

Attachments

(1 file)

fix
1.20 KB, patch
Biesinger
: review+
Details | Diff | Splinter Review
nsAsyncStreamCopier::AsyncCopy() calls NS_AsyncCopy() The background thread can copy the stream so quickly that it calls the complete callback before NS_AsyncCopy() finishes. So the main thread calls NS_AsyncCopy() and executes: *aCopierCtx = static_cast<nsISupports*>( static_cast<nsIRunnable*>(copier)); context switch The background thread finishes copying, calls nsAsyncStreamCopier::OnAsyncCopyComplete() and then nsAsyncStreamCopier::Complete() which executes: MutexAutoLock lock(mLock); mCopierCtx = nsnull; context switch The main thread executes: NS_ADDREF(*aCopierCtx); which is now null Testing a fix on try ...
seems like there's a similar bug filed already, bug 559927
Attached patch fixSplinter Review
Assignee: nobody → Jan.Varga
Status: NEW → ASSIGNED
Attachment #631648 - Flags: review?(cbiesinger)
the fix passed on try
we need this to fix bug 762024
Attachment #631648 - Flags: review?(cbiesinger) → review+
Blocks: 762024
http://hg.mozilla.org/mozilla-central/rev/72419c5d84df
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla16
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: