diff options
| author | jered@chromium.org <jered@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-30 16:45:30 +0000 |
|---|---|---|
| committer | jered@chromium.org <jered@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-30 16:45:30 +0000 |
| commit | 019794e472f3e8d914155938fbf5a935a0d184c8 (patch) | |
| tree | f1878106319f5f055f4044acb2e4e99a2425fd88 | |
| parent | be04d2bbcef6e0cbfbf83f13f94ef69e752cf7a5 (diff) | |
| download | chromium_src-019794e472f3e8d914155938fbf5a935a0d184c8.zip chromium_src-019794e472f3e8d914155938fbf5a935a0d184c8.tar.gz chromium_src-019794e472f3e8d914155938fbf5a935a0d184c8.tar.bz2 | |
Merge 202216 "Fix memory corruption happening in DeletePageSoon."
> Fix memory corruption happening in DeletePageSoon.
>
> Previously, we were letting the WebContents be deleted immediately.
> This can be a problem if the call stack that got here unwinds and
> expects to use the WebContents subsequently (e.g.: to continue
> notifying other observers or delegates). So, delay delete the contents.
>
> BUG=243496
>
> Review URL: https://chromiumcodereview.appspot.com/15734016
TBR=dcblack@chromium.org
Review URL: https://codereview.chromium.org/16235004
git-svn-id: svn://svn.chromium.org/chrome/branches/1500/src@203162 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/browser/ui/search/instant_controller.cc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/chrome/browser/ui/search/instant_controller.cc b/chrome/browser/ui/search/instant_controller.cc index a18627c..dd1a863 100644 --- a/chrome/browser/ui/search/instant_controller.cc +++ b/chrome/browser/ui/search/instant_controller.cc @@ -226,8 +226,10 @@ bool GetURLForMostVisitedItemID(Profile* profile, template <typename T> void DeletePageSoon(scoped_ptr<T> page) { - if (page->contents()) - page->ReleaseContents(); + if (page->contents()) { + base::MessageLoop::current()->DeleteSoon( + FROM_HERE, page->ReleaseContents().release()); + } MessageLoop::current()->DeleteSoon(FROM_HERE, page.release()); } |