libproxy currently attempts to cache pacrunner objects in the pr member
variable of its pacrunner_extension object. This is broken, though,
because it relies on the pacrunner object also being stored in
pacrunner_extension's last member variable, which is never written to.
So that caching has never worked properly. In practice, it only does one
thing: it causes a threadsafety bug, #68, because it causes the old
pacrunner object to be deleted on the thread that is creating the new
pacrunner, which is illegal for both the mozjs and WebKit-based
pacrunner extensions that expect their objects to be deleted on the same
thread they were created on.

This patch was originally written by Dan Winship for Fedora 19. It got
dropped in Fedora 24, then resurrected again for Fedora 28 after we
noticed 30,000 crash reports. I've tweaked it a bit to completely
remove the unused member variables.

Finally, note that this code is not exception-safe: if an exception is
thrown, the pacrunner could be leaked. But this seems to be a common
problem throughout libproxy. It should be fixed by using std::unique_ptr
instead of raw new and delete.

https://bugzilla.redhat.com/show_bug.cgi?id=998232

Fixes #68
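
The lifetime rule described in this commit message (each pacrunner is destroyed on the thread that created it, and is not leaked when evaluation throws), shown as an added C++ example that is not libproxy's code. `Stats`, `FakePacRunner`, `resolve_raw`, `resolve_owned` and `run_on_two_threads` are hypothetical names, and the URLs are constructed sample input.

```cpp
#include <atomic>
#include <memory>
#include <stdexcept>
#include <string>
#include <thread>
// Hypothetical stand-in for a thread-affine PAC engine; not libproxy's pacrunner class.
struct Stats {
    std::atomic<int> live{0};          // objects created but not yet destroyed
    std::atomic<int> wrong_thread{0};  // destructors that ran on a non-owning thread
};
class FakePacRunner {
public:
    explicit FakePacRunner(Stats &s) : stats_(s), owner_(std::this_thread::get_id()) { ++stats_.live; }
    ~FakePacRunner() {
        if (std::this_thread::get_id() != owner_) ++stats_.wrong_thread;
        --stats_.live;
    }
    std::string run(const std::string &url) {
        if (url.empty()) throw std::runtime_error("PAC evaluation failed");
        return "DIRECT";
    }
private:
    Stats &stats_;
    std::thread::id owner_;
};

// Raw new/delete: the delete is skipped when run() throws, so the object leaks.
std::string resolve_raw(Stats &s, const std::string &url) {
    FakePacRunner *pr = new FakePacRunner(s);
    std::string result = pr->run(url);
    delete pr;
    return result;
}

// unique_ptr: destroyed on the calling thread on both the normal and the throwing path.
std::string resolve_owned(Stats &s, const std::string &url) {
    std::unique_ptr<FakePacRunner> pr(new FakePacRunner(s));
    return pr->run(url);
}

// Calls fn from two worker threads; the empty URL makes run() throw in one of them.
template <typename Fn>
void run_on_two_threads(Stats &s, Fn fn) {
    auto worker = [&s, fn](const std::string &url) {
        try { fn(s, url); } catch (const std::runtime_error &) {}
    };
    std::thread a(worker, "http://example.test/"), b(worker, "");
    a.join(); b.join();
}
```
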