Title: [165812] trunk/Source/WebKit2
- Revision
- 165812
- Author
- [email protected]
- Date
- 2014-03-18 08:02:51 -0700 (Tue, 18 Mar 2014)
Log Message
[GTK] Race condition when the socket event source is cancelled
https://bugs.webkit.org/show_bug.cgi?id=130395
Reviewed by Martin Robinson.
In some cases when the socket event source is cancelled the socket
event source callback is called with the condition of the previous
poll instead of 0. This can happen sometimes when the source is
cancelled from the socket event source callback. Once the socket
event source is cancelled, it's dispatched by glib without
polling, so the condition is never reset again and the callback is
called again and again with the previous condition. When the
condition is G_IO_IN, the source is re-scheduled entering into an
infinite loop. We should always check if the source has been
cancelled at the beginning of the callback to destroy the source
instead of relying on the condition being 0.
* Platform/gtk/WorkQueueGtk.cpp:
(WorkQueue::SocketEventSource::isCancelled):
(WorkQueue::SocketEventSource::eventCallback):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (165811 => 165812)
--- trunk/Source/WebKit2/ChangeLog 2014-03-18 14:33:40 UTC (rev 165811)
+++ trunk/Source/WebKit2/ChangeLog 2014-03-18 15:02:51 UTC (rev 165812)
@@ -1,3 +1,26 @@
+2014-03-18 Carlos Garcia Campos <[email protected]>
+
+ [GTK] Race condition when the socket event source is cancelled
+ https://bugs.webkit.org/show_bug.cgi?id=130395
+
+ Reviewed by Martin Robinson.
+
+ In some cases when the socket event source is cancelled the socket
+ event source callback is called with the condition of the previous
+ poll instead of 0. This can happen sometimes when the source is
+ cancelled from the socket event source callback. Once the socket
+ event source is cancelled, it's dispatched by glib without
+ polling, so the condition is never reset again and the callback is
+ called again and again with the previous condition. When the
+ condition is G_IO_IN, the source is re-scheduled entering into an
+ infinite loop. We should always check if the source has been
+ cancelled at the beginning of the callback to destroy the source
+ instead of relying on the condition being 0.
+
+ * Platform/gtk/WorkQueueGtk.cpp:
+ (WorkQueue::SocketEventSource::isCancelled):
+ (WorkQueue::SocketEventSource::eventCallback):
+
2014-03-18 Csaba Osztrogonác <[email protected]>
[GTK] URTFB after r165789. Stub function added.
Modified: trunk/Source/WebKit2/Platform/gtk/WorkQueueGtk.cpp (165811 => 165812)
--- trunk/Source/WebKit2/Platform/gtk/WorkQueueGtk.cpp 2014-03-18 14:33:40 UTC (rev 165811)
+++ trunk/Source/WebKit2/Platform/gtk/WorkQueueGtk.cpp 2014-03-18 15:02:51 UTC (rev 165812)
@@ -87,11 +87,21 @@
m_closeFunction();
}
+ bool isCancelled() const
+ {
+ return g_cancellable_is_cancelled(m_cancellable);
+ }
+
static gboolean eventCallback(GSocket*, GIOCondition condition, SocketEventSource* eventSource)
{
ASSERT(eventSource);
- if (condition & G_IO_HUP || condition & G_IO_ERR) {
+ if (eventSource->isCancelled()) {
+ // EventSource has been cancelled, return FALSE to destroy the source.
+ return FALSE;
+ }
+
+ if (condition & G_IO_HUP || condition & G_IO_ERR || condition & G_IO_NVAL) {
eventSource->didClose();
return FALSE;
}
@@ -101,7 +111,7 @@
return TRUE;
}
- // EventSource has been cancelled, return FALSE to destroy the source.
+ ASSERT_NOT_REACHED();
return FALSE;
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
