46480 – [chromium] Platform layers should not be able to hold a stale compositor pointer

Bug 46480 - [chromium] Platform layers should not be able to hold a stale compositor pointer

Summary: [chromium] Platform layers should not be able to hold a stale compositor pointer

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Vangelis Kokkevis

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-09-24 10:30 PDT by Vangelis Kokkevis
Modified:	2010-10-08 09:56 PDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vangelis Kokkevis 2010-09-24 10:30:16 PDT

Composited layers (the ones derived from LayerChromium) hold a raw pointer to the compositor (LayerRendererChromium) which means that if the compositor gets destroyed before the layers do they could be accessing uninitialized memory. One possible solution would be to make LayerChromium hold a reference to LayerRendererChromium instead of a raw pointer to ensure a proper destruction order.

Comment 1 Vangelis Kokkevis 2010-10-08 09:56:22 PDT

Fixed in r68442: <http://trac.webkit.org/changeset/68442>