Bug 72755

Summary: WebAudio: AudioContext::uninitialize() can cause AudioContext deletion before deleting marked nodes.
Product: WebKit
Reporter: Jer Noble <jer.noble>
Component: Web Audio
Assignee: Jer Noble <jer.noble>
Status: RESOLVED FIXED
Severity: Normal
CC: crogers, eric.carlson, sam, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Patch (flags: none)

Description Jer Noble 2011-11-18 13:42:33 PST
WebAudio: AudioContext::uninitialize() can cause AudioContext deletion before deleting marked nodes.
Comment 1 Jer Noble 2011-11-18 13:45:30 PST
If the AudioContext's destination nodes hold the only references existing to the AudioContext, then calling m_destinationNode.clear() will cause the context's refCount to drop to 0, and the context will be deleted before exiting uninitialize(). This will potentially skip a lot of cleanup and will cause an assertion in ~AudioContext().
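The lifetime problem described in comment 1, as an added example that is not part of this bug report or of WebKit's code. It uses a cut-down intrusive refcount (RefCounted/RefPtr in the WebKit style), a Context whose only remaining reference is held by its DestinationNode, and a list of nodes marked for deletion. uninitialize(false) clears the destination node first, which deletes the context mid-function and skips the marked-node cleanup; uninitialize(true) holds a protector reference so destruction is deferred until the function returns. The protector is one common fix pattern and an assumption here; the actual patch (attachment 115867) is not shown on this page.

```cpp
#include <cstddef>
#include <vector>

// Minimal intrusive refcounting: refcount starts at 0, deref() deletes at 0.
class RefCounted {
public:
    void ref() { ++m_refCount; }
    void deref() { if (--m_refCount == 0) delete this; }
protected:
    RefCounted() : m_refCount(0) {}
    virtual ~RefCounted() {}
private:
    int m_refCount;
};

template <typename T>
class RefPtr {
public:
    RefPtr() : m_ptr(nullptr) {}
    explicit RefPtr(T* p) : m_ptr(p) { if (m_ptr) m_ptr->ref(); }
    RefPtr(const RefPtr&) = delete;
    RefPtr& operator=(const RefPtr&) = delete;
    ~RefPtr() { clear(); }
    RefPtr& operator=(T* p) { if (p) p->ref(); T* old = m_ptr; m_ptr = p; if (old) old->deref(); return *this; }
    // Null the slot before deref'ing so a destructor running inside deref() sees it empty.
    void clear() { T* old = m_ptr; m_ptr = nullptr; if (old) old->deref(); }
    T* get() const { return m_ptr; }
private:
    T* m_ptr;
};

struct Node {};            // stand-in for an AudioNode awaiting deletion
class DestinationNode;

class Context : public RefCounted {
public:
    struct Stats {
        bool destroyedDuringUninitialize = false;  // what ~AudioContext()'s assertion would catch
        std::size_t markedNodesLeaked = 0;         // nodes still marked when the destructor ran
        std::size_t markedNodesDeleted = 0;        // nodes deleted by the normal cleanup path
    };
    static Stats s_stats;
    static bool s_inUninitialize;

    Context() {}
    ~Context();
    void setDestination(DestinationNode* node);
    void markNodeForDeletion(Node* n) { m_nodesMarkedForDeletion.push_back(n); }
    void uninitialize(bool useProtector);
private:
    void deleteMarkedNodes();
    RefPtr<DestinationNode> m_destinationNode;
    std::vector<Node*> m_nodesMarkedForDeletion;
};
Context::Stats Context::s_stats;
bool Context::s_inUninitialize = false;

// The destination node holds a reference back to its context. In the scenario
// from the report, that back-reference is the only one keeping the context alive.
class DestinationNode : public RefCounted {
public:
    explicit DestinationNode(Context* c) : m_context(c) {}
private:
    RefPtr<Context> m_context;
};

Context::~Context()
{
    if (s_inUninitialize)
        s_stats.destroyedDuringUninitialize = true;
    s_stats.markedNodesLeaked = m_nodesMarkedForDeletion.size();
    for (Node* n : m_nodesMarkedForDeletion) delete n;  // free here only so the demo does not leak
}

void Context::setDestination(DestinationNode* node) { m_destinationNode = node; }

void Context::deleteMarkedNodes()
{
    for (Node* n : m_nodesMarkedForDeletion) { delete n; ++s_stats.markedNodesDeleted; }
    m_nodesMarkedForDeletion.clear();
}

void Context::uninitialize(bool useProtector)
{
    s_inUninitialize = true;
    RefPtr<Context> protect;      // assumed fix pattern: keep |this| alive until we return
    if (useProtector) protect = this;

    // Dropping the destination node may take our refcount to zero and run ~Context() right here.
    m_destinationNode.clear();

    if (s_stats.destroyedDuringUninitialize) {
        // |this| is already gone; any member access now would be a use-after-free.
        s_inUninitialize = false;
        return;
    }
    deleteMarkedNodes();
    s_inUninitialize = false;
    // With the protector, the context is destroyed when |protect| goes out of scope, after cleanup.
}

// Constructed scenario: the caller keeps only a raw pointer; the destination node owns the last ref.
Context::Stats runScenario(bool useProtector)
{
    Context::s_stats = Context::Stats();
    Context::s_inUninitialize = false;
    RefPtr<Context> owner(new Context);               // context refcount 1
    Context* raw = owner.get();
    raw->setDestination(new DestinationNode(raw));    // node -> context: refcount 2
    raw->markNodeForDeletion(new Node);
    raw->markNodeForDeletion(new Node);
    owner = nullptr;                                  // refcount 1, held only by the destination node
    raw->uninitialize(useProtector);
    return Context::s_stats;
}
```

Without the protector the context is torn down inside m_destinationNode.clear(), both marked nodes are still pending when the destructor runs, and none are deleted by the normal path; with it, both nodes are deleted and the context dies only after uninitialize() returns.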
Comment 2 Jer Noble 2011-11-18 13:47:54 PST
Created attachment 115867 [details]
Patch
Comment 3 Eric Carlson 2011-11-18 13:49:18 PST
Comment on attachment 115867 [details]
Patch

Is it possible to create a layout test for this?
Comment 4 Jer Noble 2011-11-18 14:02:28 PST
(In reply to comment #3)
> (From update of attachment 115867 [details])
> Is it possible to create a layout test for this?

Probably not.
Comment 5 WebKit Review Bot 2011-11-28 10:50:25 PST
Comment on attachment 115867 [details]
Patch

Clearing flags on attachment: 115867

Committed r101265: <http://trac.webkit.org/changeset/101265>
Comment 6 WebKit Review Bot 2011-11-28 10:50:32 PST
All reviewed patches have been landed.  Closing bug.