base::ObserverList iterator copy operations don't update the reference count |
||
Issue descriptionObserverList iterators update the reference count ObserverList::notify_depth_ in their explicit constructor and destructor. However, they do not explicitly define copy operations and instead rely on compiler-generated copy constructor and copy assignment operator which don't properly update the reference count. As a consequence, notify_depth_ can become negative. Since copy operations are generally elided by the compiler, this problem might have been unnoticed for a while. See: https://cs.chromium.org/chromium/src/base/observer_list.h?l=174&rcl=8f1e606d49b0b2cea3a0c0796a912f50171e7173 https://cs.chromium.org/chromium/src/base/observer_list.h?l=197&rcl=8f1e606d49b0b2cea3a0c0796a912f50171e7173 https://cs.chromium.org/chromium/src/base/observer_list.h?l=203&rcl=8f1e606d49b0b2cea3a0c0796a912f50171e7173
,
Nov 15 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0659d6933f81d7388047f3d5c6cb3e3ebc4a61a5 commit 0659d6933f81d7388047f3d5c6cb3e3ebc4a61a5 Author: François Degros <fdegros@chromium.org> Date: Wed Nov 15 09:31:44 2017 Fix ObserverListBase iterator. ObserverListBase iterators now have copy operations (copy constructor and assignment operator) that correctly update ObserverListBase::live_iterator_count_. Bug: 784647 Change-Id: If2c7d7244dfd7a6876b42c704635ddb85376069d Reviewed-on: https://chromium-review.googlesource.com/768093 Commit-Queue: François Degros <fdegros@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Cr-Commit-Position: refs/heads/master@{#516651} [modify] https://crrev.com/0659d6933f81d7388047f3d5c6cb3e3ebc4a61a5/base/observer_list.h [modify] https://crrev.com/0659d6933f81d7388047f3d5c6cb3e3ebc4a61a5/base/observer_list_unittest.cc
,
Nov 15 2017
|
||
►
Sign in to add a comment |
||
Comment 1 by fdegros@chromium.org
, Nov 14 2017