Issue 2044123003: Fix crash when closing a window with an associated widget child

Issue 2044123003: Fix crash when closing a window with an associated widget child (Closed)

Created:
4 years, 6 months ago by David Tseng

Modified:
4 years, 6 months ago

Reviewers:
dmazzoni

CC:
chromium-reviews, aboxhall+watch_chromium.org, tfarina, nektar+watch_chromium.org, yuzo+watch_chromium.org, je_julie, dmazzoni+watch_chromium.org, dtseng+watch_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Fix crash when closing a window with an associated widget child This is a similar issue to https://codereview.chromium.org/1644863003/ When closing some windows, the following occurs: - WebContentsImpl enters its destructor - a widget fires OnWidgetDestroying - an AXWidgetObjWrapper gets destroyed - WebContentsImpl fires an ax event - the ax serializer walks the aura window and gets the widget "child" of the aura window - a new AXWidgetObjWrapper gets created - the widget's OnWidgetDestroying finishes and widget is destroyed - WebContentsImpl exits its destructor - the AXWidgetObjWrapper instance is now wrapping a deallocated widget - future access to the AXWidgetObjWrapper causes a uaf. BUG=617020 Committed: https://crrev.com/0ede80c428189d30bb398e351d16217464bd9294 Cr-Commit-Position: refs/heads/master@{#398407}

Patch Set 1 #

Created: 4 years, 6 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+1 line, -1 line)			Patch
	M	ui/views/accessibility/ax_window_obj_wrapper.cc	View		1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 11 (6 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

David Tseng

Description was changed from ========== Fix crash when closing a window with an associated widget ...

4 years, 6 months ago (2016-06-07 20:39:17 UTC) #4

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2044123003/1

4 years, 6 months ago (2016-06-07 22:02:24 UTC) #7

commit-bot: I haz the power

Description was changed from ========== Fix crash when closing a window with an associated widget ...

4 years, 6 months ago (2016-06-07 22:50:12 UTC) #8

commit-bot: I haz the power

Description was changed from ========== Fix crash when closing a window with an associated widget ...

4 years, 6 months ago (2016-06-07 22:53:30 UTC) #10

commit-bot: I haz the power

4 years, 6 months ago (2016-06-07 22:53:31 UTC) #11

Message was sent while issue was closed.

Patchset 1 (id:??) landed as
https://crrev.com/0ede80c428189d30bb398e351d16217464bd9294
Cr-Commit-Position: refs/heads/master@{#398407}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages