Google Git
Sign in
chromium / chromium / src / 0bfbcdbfedb378cb77baca3d22af303ff63d193f^! / . / chrome / browser / browser_process_impl.cc
commit0bfbcdbfedb378cb77baca3d22af303ff63d193f[log] [tgz]
author[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Thu Sep 15 21:28:04 2011
committer[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Thu Sep 15 21:28:04 2011
tree9a5b8887b7af5a31167d1177da5e810c21dd055e
parent9b85fb2b50d01aa61405ad1263f05b437b68489a [diff] [blame]
Fix the memory access race on the WaitableEvent in EndSession.

[email protected]
BUG=71031
TEST=None


Review URL: http://codereview.chromium.org/7862007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@101381 0039d316-1c4b-4281-b951-d872f2087c98

diff --git a/chrome/browser/browser_process_impl.cc b/chrome/browser/browser_process_impl.cc
index c67040b7..309b4fc 100644
--- a/chrome/browser/browser_process_impl.cc
+++ b/chrome/browser/browser_process_impl.cc

@@ -350,11 +350,16 @@
   // then proceed with normal shutdown.
 #if defined(USE_X11)
   //  Can't run a local loop on linux. Instead create a waitable event.
-  base::WaitableEvent done_writing(false, false);
+  scoped_ptr<base::WaitableEvent> done_writing(
+      new base::WaitableEvent(false, false));
   BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE,
-      NewRunnableFunction(Signal, &done_writing));
-  done_writing.TimedWait(
-      base::TimeDelta::FromSeconds(kEndSessionTimeoutSeconds));
+      NewRunnableFunction(Signal, done_writing.get()));
+  // If all file writes haven't cleared in the timeout, leak the WaitableEvent
+  // so that there's no race to reference it in Signal().
+  if (!done_writing->TimedWait(
+      base::TimeDelta::FromSeconds(kEndSessionTimeoutSeconds)))
+    ignore_result(done_writing.release());
+
 #elif defined(OS_WIN)
   BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE,
       NewRunnableFunction(PostQuit, MessageLoop::current()));