From WebKit/Source/WebCore/platform/graphics/chromium/FontPlatformDataChromiumWin.cpp: FontPlatformData::RefCountedHFONT* FontPlatformData::hashTableDeletedFontValue() { static RefPtr<RefCountedHFONT> deletedValue = RefCountedHFONT::create(reinterpret_cast<HFONT>(-1)); return deletedValue.get(); } The problem with using static RefPtr is that, on Windows, the destructor of |deletedValue| will not be called until doexit() is executed on the main application thread. In single-process applications (like Chromium Embedded Framework) the main application thread may not be the same as the WebKit thread. This problem was exposed by WebKit revision 92254 which adds asserts to RefCounted to make sure ref/deref happens on the right thread. According to the WebKit experts the correct solution is to intentionally leak the static RefCountedHFONT object using leakRef().
Created attachment 107007 [details] Proposed fix for bug 67906. Please review the attached bug_67906.patch.
Created attachment 107008 [details] Proposed fix for bug 67906. Please review the attached patch.
Comment on attachment 107008 [details] Proposed fix for bug 67906. This looks fine, but we should use DECLARE_STATIC_LOCAL though (and I would merge those too lines together).
Created attachment 107045 [details] Proposed Fix #3 Changed to use DEFINE_STATIC_LOCAL.
(In reply to comment #4) > Created an attachment (id=107045) [details] > Proposed Fix #3 > > Changed to use DEFINE_STATIC_LOCAL. Note: The above patch doesn't use leakRef() in combination with DEFINE_STATIC_LOCAL. This is because DEFINE_STATIC_LOCAL is already leaking a RefPtr that is holding a reference to the object, so I don't believe it's necessary to additionally call leakRef().
(In reply to comment #3) > (From update of attachment 107008 [details]) > This looks fine, but we should use DECLARE_STATIC_LOCAL though (and I would merge those too lines together). Hi Adam, can you review the updated patch? Thanks.
Comment on attachment 107045 [details] Proposed Fix #3 Looks great. Sorry for dropping the ball.
Comment on attachment 107045 [details] Proposed Fix #3 Clearing flags on attachment: 107045 Committed r95576: <http://trac.webkit.org/changeset/95576>
All reviewed patches have been landed. Closing bug.