Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(786)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1291303002: Fix flaky crash in WebPagePopupImpl::closePopup. (Closed)

Created:
5 years, 4 months ago by tkent
Modified:
5 years, 4 months ago
Reviewers:
keishi
CC:
blink-reviews
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Fix flaky crash in WebPagePopupImpl::closePopup. Reentrance to WebViewImpl::closePagePopup is possible. closePopup crashed in that case because m_page was valid and m_page->mainFrame() was nullptr. The details: If WebViewImpl::closePagePopup is called, and the LocalFrame in the page popup has the last references to the page popup owner Element, 1. WebPagePopupImpl::closePopup() calls destroyPage(). 2. destroyPage() calls Page::willBeDestroyed(). 3. willBeDestroyed() destructs the LocalFrame. 4. The LocalFrame destructor destructs the owner Element. 5. The owner Element destructor destructs PickerIndicatorElement. 6. PickerIndicatorElement destructor calls WebViewImpl::closePagePopup(). This CL changes WebViewImpl::closePagePopup() so that m_pagePopup is cleared before calling WebPagePopupImpl::closePopup() to avoid reentrancy to it. BUG=454043 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=200528

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+8 lines, -4 lines) Patch
M Source/web/WebViewImpl.cpp View 1 chunk +8 lines, -4 lines 0 comments Download

Messages

Total messages: 8 (2 generated)
tkent
Keishi, please review this.
5 years, 4 months ago (2015-08-14 05:46:16 UTC) #2
keishi
LGTM
5 years, 4 months ago (2015-08-14 05:51:41 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1291303002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1291303002/1
5 years, 4 months ago (2015-08-14 06:05:54 UTC) #5
commit-bot: I haz the power
Committed patchset #1 (id:1) as https://src.chromium.org/viewvc/blink?view=rev&revision=200528
5 years, 4 months ago (2015-08-14 08:32:52 UTC) #6
tkent
A revert of this CL (patchset #1 id:1) has been created in https://codereview.chromium.org/1297883002/ by tkent@chromium.org. ...
5 years, 4 months ago (2015-08-17 02:21:39 UTC) #7
tkent
5 years, 4 months ago (2015-08-17 02:24:28 UTC) #8
Message was sent while issue was closed. 
I realized this was not a right fix.
With this patch, PIckerIndicatorElement (implements DateTimeChooserClient) dies
before WebPagePopupImpl notifies the close to PickerIndicatorElement.

Powered by Google App Engine
This is Rietveld 408576698