|
|
Created:
4 years, 3 months ago by leonhsl(Using Gerrit) Modified:
4 years, 3 months ago CC:
chromium-reviews, darin-cc_chromium.org, jam, mlamouri+watch-content_chromium.org Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionForbid ImageDownloaderImpl from accessing RenderThread instance after message loop shutdown.
This CL fixes the crash caused by following possible scenario:
- the message loop is shutdown.
- during its destructor it calls connection error on ImageDownloaderImpl.
- the strong binding of ImageDownloaderImpl causes it to be destructed.
- the destructor calls RenderThread::Get()->RemoveObserver(this),
which is not valid any more.
BUG=640999
TBR=jochen@chromium.org
Committed: https://crrev.com/d2ac649bc631233f4355860a011d3d30f985bb67
Cr-Commit-Position: refs/heads/master@{#414985}
Patch Set 1 #
Total comments: 2
Patch Set 2 : Add comments to explain why we do the null check #Messages
Total messages: 32 (22 generated)
The CQ bit was checked by leon.han@intel.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
leon.han@intel.com changed reviewers: + jochen@chromium.org, yzshen@chromium.org
Hi, would you PTAL at this? Thanks.
jochen@chromium.org changed reviewers: + haraken@chromium.org
+haraken can this still happen now that all the shutdown stuff was ripped out?
On 2016/08/26 15:06:40, jochen wrote: > +haraken > > can this still happen now that all the shutdown stuff was ripped out? Maybe this could still happen because I've just removed blink::shutdown... We should remove more code from the shutdown sequence so that this kind of crash is gone.
LGTM https://codereview.chromium.org/2286603002/diff/1/content/renderer/image_down... File content/renderer/image_downloader/image_downloader_impl.cc (right): https://codereview.chromium.org/2286603002/diff/1/content/renderer/image_down... content/renderer/image_downloader/image_downloader_impl.cc:134: if (thread) Please comment on why this null check is necessary
Uploaded ps#2 to address Yuzhu's comments, Thanks~ Hi, jochen@, haraken@, do we need to land this CL for now to fix the bug http://crbug.com/640999 ? As this bug is marked as high security severity now.. Thanks. https://codereview.chromium.org/2286603002/diff/1/content/renderer/image_down... File content/renderer/image_downloader/image_downloader_impl.cc (right): https://codereview.chromium.org/2286603002/diff/1/content/renderer/image_down... content/renderer/image_downloader/image_downloader_impl.cc:134: if (thread) On 2016/08/26 19:20:31, yzshen1 wrote: > Please comment on why this null check is necessary Done and thanks.
The CQ bit was checked by leon.han@intel.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
On 2016/08/29 02:17:30, leonhsl wrote: > Uploaded ps#2 to address Yuzhu's comments, Thanks~ > > Hi, jochen@, haraken@, do we need to land this CL for now to fix the bug > http://crbug.com/640999 ? As this bug is marked as high security severity now.. > Thanks. > > https://codereview.chromium.org/2286603002/diff/1/content/renderer/image_down... > File content/renderer/image_downloader/image_downloader_impl.cc (right): > > https://codereview.chromium.org/2286603002/diff/1/content/renderer/image_down... > content/renderer/image_downloader/image_downloader_impl.cc:134: if (thread) > On 2016/08/26 19:20:31, yzshen1 wrote: > > Please comment on why this null check is necessary > > Done and thanks. Yes, please land. LGTM.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Exceeded global retry quota
The CQ bit was checked by leon.han@intel.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by leon.han@intel.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
Description was changed from ========== Forbid ImageDownloaderImpl from accessing RenderThread instance after message loop shutdown. This CL fixes the crash caused by following possible scenario: - the message loop is shutdown. - during its destructor it calls connection error on ImageDownloaderImpl. - the strong binding of ImageDownloaderImpl causes it to be destructed. - the destructor calls RenderThread::Get()->RemoveObserver(this), which is not valid any more. BUG=640999 ========== to ========== Forbid ImageDownloaderImpl from accessing RenderThread instance after message loop shutdown. This CL fixes the crash caused by following possible scenario: - the message loop is shutdown. - during its destructor it calls connection error on ImageDownloaderImpl. - the strong binding of ImageDownloaderImpl causes it to be destructed. - the destructor calls RenderThread::Get()->RemoveObserver(this), which is not valid any more. BUG=640999 TBR=jochen@chromium.org ==========
On 2016/08/29 02:34:17, haraken wrote: > On 2016/08/29 02:17:30, leonhsl wrote: > > Uploaded ps#2 to address Yuzhu's comments, Thanks~ > > > > Hi, jochen@, haraken@, do we need to land this CL for now to fix the bug > > http://crbug.com/640999 ? As this bug is marked as high security severity > now.. > > Thanks. > > > > > https://codereview.chromium.org/2286603002/diff/1/content/renderer/image_down... > > File content/renderer/image_downloader/image_downloader_impl.cc (right): > > > > > https://codereview.chromium.org/2286603002/diff/1/content/renderer/image_down... > > content/renderer/image_downloader/image_downloader_impl.cc:134: if (thread) > > On 2016/08/26 19:20:31, yzshen1 wrote: > > > Please comment on why this null check is necessary > > > > Done and thanks. > > Yes, please land. LGTM. Thanks haraken@ a lot for kindly help. Assuming jochen@ are OK with the approval from haraken@ and Yuzhu, let me TBR and land this now.
The CQ bit was checked by leon.han@intel.com
The patchset sent to the CQ was uploaded after l-g-t-m from yzshen@chromium.org Link to the patchset: https://codereview.chromium.org/2286603002/#ps20001 (title: "Add comments to explain why we do the null check")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Committed patchset #2 (id:20001)
Message was sent while issue was closed.
Description was changed from ========== Forbid ImageDownloaderImpl from accessing RenderThread instance after message loop shutdown. This CL fixes the crash caused by following possible scenario: - the message loop is shutdown. - during its destructor it calls connection error on ImageDownloaderImpl. - the strong binding of ImageDownloaderImpl causes it to be destructed. - the destructor calls RenderThread::Get()->RemoveObserver(this), which is not valid any more. BUG=640999 TBR=jochen@chromium.org ========== to ========== Forbid ImageDownloaderImpl from accessing RenderThread instance after message loop shutdown. This CL fixes the crash caused by following possible scenario: - the message loop is shutdown. - during its destructor it calls connection error on ImageDownloaderImpl. - the strong binding of ImageDownloaderImpl causes it to be destructed. - the destructor calls RenderThread::Get()->RemoveObserver(this), which is not valid any more. BUG=640999 TBR=jochen@chromium.org Committed: https://crrev.com/d2ac649bc631233f4355860a011d3d30f985bb67 Cr-Commit-Position: refs/heads/master@{#414985} ==========
Message was sent while issue was closed.
Patchset 2 (id:??) landed as https://crrev.com/d2ac649bc631233f4355860a011d3d30f985bb67 Cr-Commit-Position: refs/heads/master@{#414985} |