diff options
| author | mukai@chromium.org <mukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-03 23:27:11 +0000 |
|---|---|---|
| committer | mukai@chromium.org <mukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-03 23:27:11 +0000 |
| commit | c632422606eeac6c01fe45f803a907acc4eb2135 (patch) | |
| tree | e5b5d7cba0363726d4edfbe4503e97c83eb509f4 | |
| parent | 812239f93e8e8499692a03d4115afdcc697322c9 (diff) | |
| download | chromium_src-c632422606eeac6c01fe45f803a907acc4eb2135.zip chromium_src-c632422606eeac6c01fe45f803a907acc4eb2135.tar.gz chromium_src-c632422606eeac6c01fe45f803a907acc4eb2135.tar.bz2 | |
Merge 247917 "Ensure calling Close and set_listener(NULL) on End()."
> Ensure calling Close and set_listener(NULL) on End().
>
> WebContentsImpl's dtor calls End() but it may not cause
> set_listener(NULL) in some case, which may cause a use-after-free.
>
> This CL always reset them at End(). This would mean
> DidEndColorChooser() may be called twice, so web_contents_
> has to be reset to NULL once DidEndColorChooser() is called.
>
> BUG=338464
> R=keishi@chromium.org
>
> Review URL: https://codereview.chromium.org/148223009
TBR=mukai@chromium.org
Review URL: https://codereview.chromium.org/135393013
git-svn-id: svn://svn.chromium.org/chrome/branches/1750/src@248608 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/browser/ui/views/color_chooser_aura.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/chrome/browser/ui/views/color_chooser_aura.cc b/chrome/browser/ui/views/color_chooser_aura.cc index d7bf7eb..33e9260 100644 --- a/chrome/browser/ui/views/color_chooser_aura.cc +++ b/chrome/browser/ui/views/color_chooser_aura.cc @@ -35,7 +35,7 @@ void ColorChooserAura::OnColorChooserDialogClosed() { } void ColorChooserAura::End() { - if (widget_ && widget_->IsVisible()) { + if (widget_) { view_->set_listener(NULL); widget_->Close(); view_ = NULL; |