| commit | 3c019ca1da474514203dbb0b61157a59e1165cfc | |
| author | fsamuel@chromium.org <fsamuel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | |
| Fri, 23 Aug 2013 04:41:15 +0000 (23 04:41 +0000) | ||
| committer | fsamuel@chromium.org <fsamuel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | |
| Fri, 23 Aug 2013 04:41:15 +0000 (23 04:41 +0000) | ||
| tree | 6fd78890ccbeb6fea9905f089a69b8d69210496a | treesnapshot (tar.gz zip) |
| parent | 7be272c3e63bc831c0c76257ab3479c54b682932 | commitdiff |
Fix malformed <webview> crash
After allocating an instance ID in the browser process, BrowserPluginManager
calls back into the BrowserPlugin that made the request to inform it of its
instance ID. If, during that time, BrowserPlugin was destroyed, then
BrowserPluginManager would've accessed an invalid BrowserPlugin pointer.
This CL solves this problem by using weak pointers for calling back into
BrowserPlugin. If the calling BrowserPlugin has been destroyed in the meantime,
BrowserPluginManager will not call into it.
BUG=276023
Test=WebViewTest.Shim_TestRemoveWebviewAfterNavigation
Review URL: https://chromiumcodereview.appspot.com/22870029
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@219220 0039d316-1c4b-4281-b951-d872f2087c98
After allocating an instance ID in the browser process, BrowserPluginManager
calls back into the BrowserPlugin that made the request to inform it of its
instance ID. If, during that time, BrowserPlugin was destroyed, then
BrowserPluginManager would've accessed an invalid BrowserPlugin pointer.
This CL solves this problem by using weak pointers for calling back into
BrowserPlugin. If the calling BrowserPlugin has been destroyed in the meantime,
BrowserPluginManager will not call into it.
BUG=276023
Test=WebViewTest.Shim_TestRemoveWebviewAfterNavigation
Review URL: https://chromiumcodereview.appspot.com/22870029
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@219220 0039d316-1c4b-4281-b951-d872f2087c98