Regression(r191673): Crash in RunLoopTimer::schedule()
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Nov 2015 00:14:36 +0000 (00:14 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Nov 2015 00:14:36 +0000 (00:14 +0000)
commit a188f93ca160fd716b12374c4213ec350bbd1a97
tree db6e02f17fd0db6193e4cbc338d5e7955aa3af2e
parent 468485a4ea1513f9818fd7b290a7c298d5eb8123
Regression(r191673): Crash in RunLoopTimer::schedule()
https://bugs.webkit.org/show_bug.cgi?id=150816
<rdar://problem/23335285>

Reviewed by Anders Carlsson.

The crash was happening when the RunLoopTimer would fire during the
call to RunLoopTimer::schedule(), which can happen because we are
calling schedule() from a background thread. In such case, the
timerFired() callback execution would cause |this| to get destroyed.

To avoid this issue, DecodingResultDispatcher is now ref-counted. The
object is ref'd while calling startTimer() so that the object cannot go
away during the execution of this method. Also, we explicitly ref the
object when starting the timer to keep the object alive until the
RunLoopTimer has fired, at which point we explicitly de-ref.

This should handle correctly the cases where the RunLoopTimer fires
during AND after the execution of startTimer().

* platform/network/DataURLDecoder.cpp:
(WebCore::DataURLDecoder::DecodingResultDispatcher::dispatch):
(WebCore::DataURLDecoder::DecodingResultDispatcher::startTimer):
(WebCore::DataURLDecoder::DecodingResultDispatcher::timerFired):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@191921 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/platform/network/DataURLDecoder.cpp
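
The lifetime pattern the commit message describes, as an added example that is not WebKit's code and not part of this commit: a protector ref held for the duration of startTimer() plus a second ref released in timerFired(). `FakeTimer`, `Dispatcher`, `run` and the simplified ref count are hypothetical names constructed for illustration; the timer is simulated on a single thread so both orderings are deterministic.

```cpp
#include <cstdio>
#include <functional>
#include <string>
#include <vector>

using Log = std::vector<std::string>;
// Constructed stand-in for a run-loop timer: schedule() either runs the
// callback before returning (the crashing case) or leaves it pending.
struct FakeTimer {
    std::function<void()> callback;
    bool fireDuringSchedule = false, pending = false;
    void schedule() { if (fireDuringSchedule) callback(); else pending = true; }
    void fireLater() { if (pending) { pending = false; callback(); } }
};

// Hypothetical dispatcher with a simplified intrusive ref count (starts at 0).
class Dispatcher {
public:
    Dispatcher(FakeTimer& timer, Log& log) : m_timer(timer), m_log(log) {}
    ~Dispatcher() { m_log.push_back("destroyed"); }
    void ref() { ++m_refCount; }
    void deref() { if (!--m_refCount) delete this; }
    void startTimer() {
        ref();   // protector: |this| stays valid until startTimer() returns
        ref();   // keeps the object alive until the timer fires
        m_timer.callback = [this] { timerFired(); };
        m_timer.schedule();                   // may re-enter timerFired()
        m_log.push_back("startTimer done");   // member access after schedule()
        deref(); // drop the protector; deletes |this| if the timer already fired
    }
private:
    void timerFired() { m_log.push_back("fired"); deref(); }
    FakeTimer& m_timer; Log& m_log;
    int m_refCount = 0;
};

Log run(bool fireDuringSchedule) {
    Log log;
    FakeTimer timer;
    timer.fireDuringSchedule = fireDuringSchedule;
    (new Dispatcher(timer, log))->startTimer();
    timer.fireLater();  // no-op when the timer already fired
    return log;
}

int main() {
    for (bool during : {true, false})
        for (const auto& entry : run(during)) std::printf("%d %s\n", during, entry.c_str());
}
```

Without the first ref(), the re-entrant timerFired() would drop the count to zero and the member access after schedule() would touch a destroyed object.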