Chromium Code Reviews
Description
Avoid use-after-free if frame is deleted when stopping loading.
WebFrame::stopLoading can run onload event handlers, which have
the ability to delete the frame. This means we must be careful
when calling it from within RenderFrameImpl, or else the
remainder of the function may try to access a deleted object.
BUG=638166, 639689
TEST=See bug 638166 comment 11
NOTRY=true
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2307463003
Cr-Commit-Position: refs/heads/master@{#416082}
(cherry picked from commit ba53b47ffb07652d639e68db92743dc9aea21e5c)
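The re-entrancy hazard described in the commit message, as an added example that is not part of the Chromium change: a call that runs handlers can destroy the object the caller is still using, so the caller re-checks liveness before touching it again. `Frame`, `FrameOwner` and `StopAndContinue` are hypothetical stand-ins, and the `std::weak_ptr` guard is one way to do the check, assumed here rather than taken from the patch.

```cpp
#include <cassert>
#include <functional>
#include <memory>

// Hypothetical stand-ins for illustration; these are not Chromium's classes.
struct Frame {
  std::function<void()> onload;  // script-controlled event handler
  bool loading = true;

  // Stopping a load can fire onload, and the handler may destroy this Frame.
  void StopLoading() {
    loading = false;        // finish all member writes before the handler
    auto handler = onload;  // local copy survives destruction of *this
    if (handler) handler();
    // No member access past this point: *this may be gone.
  }
};

struct FrameOwner {
  std::shared_ptr<Frame> frame = std::make_shared<Frame>();
  void Detach() { frame.reset(); }  // what a handler can trigger
};

// Returns true if the frame survived and the caller continued its work,
// false if the frame was deleted during StopLoading and the caller bailed out.
bool StopAndContinue(FrameOwner& owner) {
  std::weak_ptr<Frame> weak = owner.frame;  // observes without owning
  owner.frame->StopLoading();               // may re-enter and delete the frame
  std::shared_ptr<Frame> alive = weak.lock();
  if (!alive) return false;  // an unguarded caller would dereference here
  alive->loading = true;     // rest of the function, safe to run
  return true;
}

int main() {
  FrameOwner detaching;  // constructed case: handler deletes its own frame
  detaching.frame->onload = [&detaching] { detaching.Detach(); };
  assert(!StopAndContinue(detaching));

  FrameOwner benign;  // constructed case: no handler, frame survives
  assert(StopAndContinue(benign));
  return 0;
}
```

Building this with AddressSanitizer and removing the liveness check is a quick way to see the failure the commit message describes reported as a heap-use-after-free.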
Patch Set 1 #
Messages
Total messages: 8 (4 generated)