RESOLVED FIXED 72755
WebAudio: AudioContext::uninitialize() can cause AudioContext deletion before deleting marked nodes.
https://bugs.webkit.org/show_bug.cgi?id=72755
Jer Noble
Reported 2011-11-18 13:42:33 PST
WebAudio: AudioContext::uninitialize() can cause AudioContext deletion before deleting marked nodes.
Attachments
Patch (1.57 KB, patch)
2011-11-18 13:47 PST, Jer Noble
no flags
Jer Noble
Comment 1 2011-11-18 13:45:30 PST
If the AudioContext's destination nodes hold the only references existing to the AudioContext, then calling m_destinationNode.clear() will cause the context's refCount to drop to 0, and the context will be deleted before exiting uninitialize(). This will potentially skip a lot of clean up and will cause an assertion in ~AudioContext().
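The lifetime problem described in comment 1, as an added example that is not part of the bug report or the attached patch: a constructed model using `std::shared_ptr` in which the destination node holds the only reference to its context. The class names, `run_scenario`, and the `protect` flag are hypothetical, and the self-reference ("protector") shown is a general mitigation pattern, not necessarily what r101265 does.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Constructed model of the lifetime problem; these are not WebKit's classes.
static std::vector<std::string> g_events;  // global, so logging never touches a freed object

struct Context;
struct DestinationNode {
    std::shared_ptr<Context> context;  // the node keeps its context alive
    explicit DestinationNode(std::shared_ptr<Context> c) : context(std::move(c)) {}
};

struct Context : std::enable_shared_from_this<Context> {
    std::shared_ptr<DestinationNode> destination;
    ~Context() { g_events.push_back("~Context"); }

    void uninitialize(bool protect) {
        std::shared_ptr<Context> protector;           // optional self-reference
        if (protect) protector = shared_from_this();  // held until the call returns
        // Models m_destinationNode.clear(): empty the member, then drop the reference.
        auto node = std::move(destination);
        node.reset();  // may release the last reference to *this
        // Without the protector, *this is already destroyed at this point; only the
        // global log is touched so the demonstration stays well defined.
        g_events.push_back("marked nodes deleted");
    }
};

// Scenario from comment 1: the destination node is the sole owner of the context.
std::vector<std::string> run_scenario(bool protect) {
    g_events.clear();
    auto ctx = std::make_shared<Context>();
    ctx->destination = std::make_shared<DestinationNode>(ctx);
    Context* raw = ctx.get();
    ctx.reset();  // external owner goes away
    raw->uninitialize(protect);
    return g_events;
}

int main() {
    for (bool protect : {false, true}) {
        std::cout << (protect ? "protected:" : "unprotected:");
        for (const auto& e : run_scenario(protect)) std::cout << " [" << e << "]";
        std::cout << "\n";
    }
}
```

In the unprotected run the destructor is logged before the remaining cleanup step; any member access at that point in real code would be a use-after-free.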
Jer Noble
Comment 2 2011-11-18 13:47:54 PST
Eric Carlson
Comment 3 2011-11-18 13:49:18 PST
Comment on attachment 115867: Patch
Is it possible to create a layout test for this?
Jer Noble
Comment 4 2011-11-18 14:02:28 PST
(In reply to comment #3)
> (From update of attachment 115867)
> Is it possible to create a layout test for this?
Probably not.
WebKit Review Bot
Comment 5 2011-11-28 10:50:25 PST
Comment on attachment 115867: Patch
Clearing flags on attachment: 115867
Committed r101265: <http://trac.webkit.org/changeset/101265>
WebKit Review Bot
Comment 6 2011-11-28 10:50:32 PST
All reviewed patches have been landed. Closing bug.