[chromium-bugs] Re: Issue 28749 in chromium: gcc 4.4-specific renderer crash in malloc, memory corruption while loading plugins (?)

Mon, 04 Jan 2010 09:36:44 -0800 

Comment #36 on issue 28749 by [email protected]: gcc  
4.4-specific renderer crash in malloc, memory corruption while loading  
plugins (?)
http://code.google.com/p/chromium/issues/detail?id=28749

If all else fails, shuffle some code around and hope the compiler optimizes  
things
differently ... this seems to work:

diff --git a/base/lazy_instance.h b/base/lazy_instance.h
index d7754a7..3f621c3 100644
--- a/base/lazy_instance.h
+++ b/base/lazy_instance.h
@@ -86,7 +86,9 @@ class LazyInstanceHelper {
  template <typename Type, typename Traits = DefaultLazyInstanceTraits<Type>  
>
  class LazyInstance : public LazyInstanceHelper {
   public:
-  explicit LazyInstance(LinkerInitialized x) : LazyInstanceHelper(x) { }
+  explicit LazyInstance(LinkerInitialized x) : LazyInstanceHelper(x) {
+    instance_ = reinterpret_cast<Type*>(&buf_);
+  }
    // Declaring a destructor (even if it's empty) will cause MSVC to  
register a
    // static initializer to register the empty destructor with atexit().

@@ -95,11 +97,9 @@ class LazyInstance : public LazyInstanceHelper {
    }

    Type* Pointer() {
-    Type* instance = reinterpret_cast<Type*>(&buf_);
-
      // We will hopefully have fast access when the instance is already  
created.
      if (base::subtle::NoBarrier_Load(&state_) != STATE_CREATED)
-      EnsureInstance(instance, Traits::New, Traits::Delete);
+      EnsureInstance(instance_, Traits::New, Traits::Delete);

      // This annotation helps race detectors recognize correct lock-less
      // synchronization between different threads calling Pointer().
@@ -109,11 +109,12 @@ class LazyInstance : public LazyInstanceHelper {
      // See the corresponding HAPPENS_BEFORE in EnsureInstance(...).
      ANNOTATE_HAPPENS_AFTER(&state_);

-    return instance;
+    return instance_;
    }

   private:
-  int8 buf_[sizeof(Type)];  // Preallocate the space for the Type instance.
+  char buf_[sizeof(Type)];  // Preallocate the space for the Type instance.
+  Type* instance_;

    DISALLOW_COPY_AND_ASSIGN(LazyInstance);
  };

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

-- 
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs

Reply via email to