RESOLVED FIXED 169620
Add a null check in VMTraps::willDestroyVM() to handle a race condition.
https://bugs.webkit.org/show_bug.cgi?id=169620
Mark Lam
Reported 2017-03-14 12:12:25 PDT
There exists a race between VMTraps::willDestroyVM() (which removes SignalSenders from its m_signalSenders list) and SignalSender::send() (which removes itself from the list). In the event that SignalSender::send() removes itself between the time that VMTraps::willDestroyVM() checks if m_signalSenders is empty and the time it takes a sender from m_signalSenders, VMTraps::willDestroyVM() may end up with a NULL sender pointer. The fix is to add the missing null check before using the sender pointer.
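The check-then-take window described in the report, as an added C++ model that is not the WebKit patch or JavaScriptCore code. `SenderList`, `Sender`, `drain` and `runScenario` are hypothetical names, the second thread is replaced by a callback that runs inside the window so the interleaving is deterministic, and skipping a null sender is an assumed form of the null check.

```cpp
#include <functional>
#include <memory>
#include <mutex>
#include <set>

// Simplified model with hypothetical names; not JavaScriptCore code.
struct Sender { bool notified = false; void vmIsShuttingDown() { notified = true; } };

class SenderList {
public:
    void add(std::shared_ptr<Sender> s) { std::lock_guard<std::mutex> l(m_lock); m_senders.insert(std::move(s)); }
    void remove(const std::shared_ptr<Sender>& s) { std::lock_guard<std::mutex> l(m_lock); m_senders.erase(s); }
    bool isEmpty() { std::lock_guard<std::mutex> l(m_lock); return m_senders.empty(); }
    // Each call is locked, but isEmpty() followed by takeAny() is not atomic:
    // takeAny() returns nullptr if the list was emptied in between.
    std::shared_ptr<Sender> takeAny() {
        std::lock_guard<std::mutex> l(m_lock);
        if (m_senders.empty()) return nullptr;
        auto s = *m_senders.begin();
        m_senders.erase(m_senders.begin());
        return s;
    }
private:
    std::mutex m_lock;
    std::set<std::shared_ptr<Sender>> m_senders;
};

// Drains the list with the check-then-take pattern from the report.
// raceWindow stands in for the other thread running between check and take.
// Returns senders notified, or -1 where a null sender would have been used.
int drain(SenderList& list, bool nullCheck, const std::function<void()>& raceWindow) {
    int notified = 0;
    while (!list.isEmpty()) {
        raceWindow();
        std::shared_ptr<Sender> sender = list.takeAny();
        if (!sender) {
            if (!nullCheck) return -1; // without the check: null dereference here
            continue;                  // with the check: skip and re-test isEmpty()
        }
        sender->vmIsShuttingDown();
        ++notified;
    }
    return notified;
}

// Constructed interleaving: the only sender removes itself inside the window.
int runScenario(bool nullCheck) {
    SenderList list;
    auto s = std::make_shared<Sender>();
    list.add(s);
    return drain(list, nullCheck, [&] { list.remove(s); });
}
int main() { return runScenario(true) == 0 ? 0 : 1; }
```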
Attachments
proposed patch. (2.84 KB, patch)
2017-03-14 12:19 PDT, Mark Lam
no flags
proposed patch: rebased to ToT. (2.84 KB, patch)
2017-03-14 12:22 PDT, Mark Lam
fpizlo: review+
Mark Lam
Comment 1 2017-03-14 12:16:35 PDT
Mark Lam
Comment 2 2017-03-14 12:19:42 PDT
Created attachment 304411: proposed patch.
Mark Lam
Comment 3 2017-03-14 12:22:58 PDT
Created attachment 304412: proposed patch: rebased to ToT.
Mark Lam
Comment 4 2017-03-14 12:30:06 PDT
Thanks for the review. Landed in r213930: <http://trac.webkit.org/r213930>.