Prevent |ChildAsyncCallback|s from touching freed |PluginInstanceChild|s if NPP_Destroy() re-enters or races with the callback. r=bsmedberg
authorChris Jones <jones.chris.g@gmail.com>
Fri, 29 Jan 2010 13:24:11 -0600
changeset 37633 740e44bb94373b406a835feb270cfcedb34cbbf0
parent 37632 915147e9ed53475fdb5d4b3d4030ec964f9e01de
child 37634 f61e06c310864b2ca5420d33aebc2307b8344088
push id11412
push usercjones@mozilla.com
push dateFri, 29 Jan 2010 19:25:25 +0000
treeherdermozilla-central@740e44bb9437 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbsmedberg
milestone1.9.3a1pre
Prevent |ChildAsyncCallback|s from touching freed |PluginInstanceChild|s if NPP_Destroy() re-enters or races with the callback. r=bsmedberg
dom/plugins/ChildAsyncCall.cpp
--- a/dom/plugins/ChildAsyncCall.cpp
+++ b/dom/plugins/ChildAsyncCall.cpp
@@ -59,16 +59,16 @@ ChildAsyncCall::Cancel()
   mFunc = NULL;
   mData = NULL;
 }
 
 NS_IMETHODIMP
 ChildAsyncCall::Run()
 {
   if (mFunc) {
+    mInstance->mPendingAsyncCalls.RemoveElement(this);
     mFunc(mData);
-    mInstance->mPendingAsyncCalls.RemoveElement(this);
   }
   return NS_OK;
 }
 
 } // namespace plugins
 } // namespace mozilla