Benjamin Smedberg · Apr 16, 2014 · 8:22 PM UTC

Benjamin Smedberg @nsIAnswers

16 Apr 2014

Who can spot the use-after-free bug in this code? hg.mozilla.org/mozilla-centr…

Vlad Vukicevic · Apr 16, 2014 · 8:33 PM UTC

Vlad Vukicevic @vvuk

16 Apr 2014

@nsIAnswers nothing's holding a ref to *result, so the NS_SetThreadName might release it?

Benjamin Smedberg · Apr 16, 2014 · 8:35 PM UTC

Benjamin Smedberg @nsIAnswers

16 Apr 2014

@vvuk Close, but you got the wrong "thing that might release it".

Shawn Wilsher · Apr 16, 2014 · 11:51 PM UTC

Shawn Wilsher @sdwilsh

16 Apr 2014

@nsIAnswers @vvuk how is it wrong? Setting the name is async according to the docs (I hope it holds a ref until the naming is complete...)

Benjamin Smedberg · Apr 17, 2014 · 12:29 AM UTC

Benjamin Smedberg @nsIAnswers

17 Apr 2014

@sdwilsh @vvuk @CodingExon *result is a member which is cleared on the other thread when the task runs and the nsThread dies.

L. David Baron @dbaron@w3c.social · Apr 17, 2014 · 1:53 AM UTC

L. David Baron @dbaron@w3c.social · Apr 17, 2014 · 1:53 AM UTC

L. David Baron @dbaron@w3c.social @davidbaron

17 Apr 2014

Replying to @nsIAnswers

@nsIAnswers @sdwilsh @vvuk @CodingExon so does the patch leak because the code to release *aResult runs before it's assigned?

Apr 17, 2014 · 1:53 AM UTC