Cronet native sample's UrlRequest destruction is racy |
|
Issue descriptionNot a race that's likely to hit, but we should fix it. I'm not sure if we'll need to make API changes to fix or not. [0][1] UrlRequestCallback.OnSucceded() is called (run via supplied executor). [2] The SampleUrlRequestCallback signals done. [3] PerformRequest() in the sample main.cc waits via WaitForDone(), then immediately destroys the UrlRequest after receiving the signal. [4] If the network thread that kicked off the executor somehow didn't run until this point (unlikely, but possible), it would use-after-free on accessing final_callback_posted_ and maybe crash. [0] https://cs.chromium.org/chromium/src/components/cronet/native/url_request.cc?l=674&rcl=865ca423f341c8a5f393626309c4db76a3dde5c9 [1] https://cs.chromium.org/chromium/src/components/cronet/native/url_request.cc?l=544&rcl=865ca423f341c8a5f393626309c4db76a3dde5c9 [2] https://cs.chromium.org/chromium/src/components/cronet/native/sample/sample_url_request_callback.cc?l=66&rcl=f4ae72c6ba57199c6596ee11bbaf452f839e68c4 [3] https://cs.chromium.org/chromium/src/components/cronet/native/sample/main.cc?l=36&rcl=78f6d8f3992c8d1058b391f553da2b3baf5076ae [4] https://cs.chromium.org/chromium/src/components/cronet/native/url_request.cc?l=676&rcl=865ca423f341c8a5f393626309c4db76a3dde5c9 |
|
►
Sign in to add a comment |
|