| Index: components/autofill/content/renderer/autofill_agent.cc
|
| diff --git a/components/autofill/content/renderer/autofill_agent.cc b/components/autofill/content/renderer/autofill_agent.cc
|
| index e233d106484d074fd3e691c6aa492bbbd637b3ca..788e01b767f5e90a137f7a131b8ac468beeb5011 100644
|
| --- a/components/autofill/content/renderer/autofill_agent.cc
|
| +++ b/components/autofill/content/renderer/autofill_agent.cc
|
| @@ -312,6 +312,14 @@ void AutofillAgent::FocusedNodeChanged(const WebNode& node) {
|
| element_ = *element;
|
| }
|
|
|
| +void AutofillAgent::OnDestruct() {
|
| + // As described in http://crbug.com/608100, there might be an AutofillAgent
|
| + // method in-progress lower on the stack. Destroying |this| would cause
|
| + // use-after-free once the lower stack frame becomes active. Instead, a task
|
| + // needs to be posted to delete this.
|
| + base::ThreadTaskRunnerHandle::Get()->DeleteSoon(FROM_HERE, this);
|
| +}
|
| +
|
| void AutofillAgent::FocusChangeComplete() {
|
| WebDocument doc = render_frame()->GetWebFrame()->document();
|
| WebElement focused_element;
|
|
|
Chromium Code Reviews
Issue 1943873002:
Postpone deletion of (Password)AutofillAgent (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master