Bug 130395

Summary: [GTK] Race condition when the socket event source is cancelled
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: csaavedra, danw, gustavo, mrobinson, pnormand, svillar
Priority: P2 Keywords: Gtk
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch mrobinson: review+

Carlos Garcia Campos
Reported 2014-03-18 07:04:45 PDT
In some cases when the socket event source is cancelled the socket event source callback is called with the condition of the previous poll instead of 0. This can happen sometimes when the source is cancelled from the socket event source callback. Once the socket event source is cancelled, it's dispatched by glib without polling, so the condition is never reset again and the callback is called again and again with the previous condition. When the condition is G_IO_IN, the source is re-scheduled entering into an infinite loop. We should always check if the source has been cancelled at the beginning of the callback to destroy the source instead of relying on the condition being 0.
Attachments
Patch (2.54 KB, patch)
2014-03-18 07:06 PDT, Carlos Garcia Campos 		mrobinson: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2014-03-18 07:06:46 PDT
Created attachment 227046 [details] Patch
Carlos Garcia Campos
Comment 2 2014-03-18 08:03:26 PDT
Committed r165812: <http://trac.webkit.org/changeset/165812>
Note You need to log in before you can comment on or make changes to this bug.