Benjamin Smedberg · Apr 16, 2014 · 8:22 PM UTC

Benjamin Smedberg @nsIAnswers

16 Apr 2014

Who can spot the use-after-free bug in this code? hg.mozilla.org/mozilla-centr…

Vlad Vukicevic · Apr 16, 2014 · 8:33 PM UTC

Vlad Vukicevic @vvuk

16 Apr 2014

@nsIAnswers nothing's holding a ref to *result, so the NS_SetThreadName might release it?

Daniel Holbert · Apr 16, 2014 · 11:20 PM UTC

Daniel Holbert @CodingExon

16 Apr 2014

@vvuk @nsIAnswers I don't think so; NS_NewThread leaves the object w/ refcount=1, and that 1 ref is reserved for caller of NS_NewNamedThread

L. David Baron @dbaron@w3c.social · Apr 17, 2014 · 1:00 AM UTC

L. David Baron @dbaron@w3c.social · Apr 17, 2014 · 1:00 AM UTC

L. David Baron @dbaron@w3c.social @davidbaron

17 Apr 2014

Replying to @CodingExon

@CodingExon @vvuk @nsIAnswers Assuming it hasn't been put in a member variable from which it can be released before fn finishes

Apr 17, 2014 · 1:00 AM UTC