Bug 72755

Summary: WebAudio: AudioContext::uninitialize() can cause AudioContext deletion before deleting marked nodes.
Product: WebKit
Reporter: Jer Noble <jer.noble>
Component: Web Audio
Assignee: Jer Noble <jer.noble>
Status: RESOLVED FIXED
Severity: Normal
CC: crogers, eric.carlson, sam, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Patch (flags: none)

Jer Noble
Reported 2011-11-18 13:42:33 PST
WebAudio: AudioContext::uninitialize() can cause AudioContext deletion before deleting marked nodes.
Attachments
Patch (1.57 KB, patch), 2011-11-18 13:47 PST, Jer Noble, no flags
Jer Noble
Comment 1 2011-11-18 13:45:30 PST
If the AudioContext's destination nodes hold the only references existing to the AudioContext, then calling m_destinationNode.clear() will cause the context's refCount to drop to 0, and the context will be deleted before exiting uninitialize(). This will potentially skip a lot of clean up and will cause an assertion in ~AudioContext().
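The hazard described in comment 1 is a general one for intrusively ref-counted objects: a member function that releases a child which holds the only strong reference back to the parent can destroy `*this` mid-function. The following constructed C++ example (added here; not WebKit code, and not the patch attached to this bug) models that with a toy `RefCounted`/`RefPtr` pair and hypothetical `Context`/`DestinationNode` classes. It shows the unsafe ordering beside one common protection, a local `RefPtr` that keeps the object alive until the function returns; whether the landed patch used exactly this approach is not shown on this page.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Minimal intrusive ref-count standing in for a RefCounted/RefPtr pair (hypothetical, constructed).
struct RefCounted {
    int refCount = 0;
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) delete this; }
    virtual ~RefCounted() = default;
};

template <typename T>
class RefPtr {
public:
    RefPtr() = default;
    explicit RefPtr(T* p) : m_ptr(p) { if (m_ptr) m_ptr->ref(); }
    RefPtr(const RefPtr&) = delete;
    RefPtr& operator=(const RefPtr&) = delete;
    ~RefPtr() { if (m_ptr) m_ptr->deref(); }
    // Null the slot *before* dereferencing, so a destructor that runs re-entrantly
    // as a consequence of this deref does not deref the same object a second time.
    void clear() { T* p = m_ptr; m_ptr = nullptr; if (p) p->deref(); }
    T* get() const { return m_ptr; }
private:
    T* m_ptr = nullptr;
};

// Constructed trace of what happened, in order; the tests below assert on it.
std::vector<std::string> g_events;

class Context;

// The destination node holds a strong reference back to its context (mirrors the bug's setup).
struct DestinationNode : RefCounted {
    explicit DestinationNode(Context* context);
    ~DestinationNode() override;
    RefPtr<Context> m_context;
};

class Context : public RefCounted {
public:
    Context();
    ~Context() override;
    void uninitializeUnsafe();   // clears the destination without protecting *this
    void uninitializeSafe();     // holds a local reference for the duration of the call
private:
    RefPtr<DestinationNode> m_destination;
    bool m_cleanupDone = false;
};

DestinationNode::DestinationNode(Context* context) : m_context(context) {}
DestinationNode::~DestinationNode() = default;

// Nothing but the destination node references the context once construction finishes.
Context::Context() : m_destination(new DestinationNode(this)) {}

Context::~Context() {
    // Stand-in for the assertion in ~AudioContext() that cleanup already happened.
    g_events.push_back(m_cleanupDone ? "destroyed-after-cleanup" : "destroyed-before-cleanup");
}

void Context::uninitializeUnsafe() {
    m_destination.clear();   // node dies, drops its reference, and *this is deleted right here
    // Any member access after this point would be a use-after-free; we only log to a global.
    g_events.push_back("cleanup-step");
}

void Context::uninitializeSafe() {
    RefPtr<Context> protect(this);   // keep *this alive until the function returns
    m_destination.clear();
    m_cleanupDone = true;            // safe: protect still holds a reference
    g_events.push_back("cleanup-step");
}                                    // protect releases the last reference on return

std::vector<std::string> runUnsafe() {
    g_events.clear();
    Context* context = new Context;  // caller deliberately holds no reference
    context->uninitializeUnsafe();   // context is already gone when this returns
    return g_events;
}

std::vector<std::string> runSafe() {
    g_events.clear();
    Context* context = new Context;
    context->uninitializeSafe();
    return g_events;
}

int main() {
    for (const auto& e : runUnsafe()) std::printf("unsafe: %s\n", e.c_str());
    for (const auto& e : runSafe()) std::printf("safe:   %s\n", e.c_str());
    return 0;
}
```

In the unsafe run the destructor fires before the cleanup step, which is exactly the window in which the real code would touch freed members and trip the destructor's assertion; in the safe run the cleanup completes first and the object is released only when the protecting local goes out of scope.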
Jer Noble
Comment 2 2011-11-18 13:47:54 PST
Eric Carlson
Comment 3 2011-11-18 13:49:18 PST
Comment on attachment 115867 [details] Patch
Is it possible to create a layout test for this?
Jer Noble
Comment 4 2011-11-18 14:02:28 PST
(In reply to comment #3)
> (From update of attachment 115867 [details])
> Is it possible to create a layout test for this?

Probably not.
WebKit Review Bot
Comment 5 2011-11-28 10:50:25 PST
Comment on attachment 115867 [details] Patch
Clearing flags on attachment: 115867
Committed r101265: <http://trac.webkit.org/changeset/101265>
WebKit Review Bot
Comment 6 2011-11-28 10:50:32 PST
All reviewed patches have been landed. Closing bug.