diff options
| author | mukai@chromium.org <mukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-30 10:23:47 +0000 |
|---|---|---|
| committer | mukai@chromium.org <mukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-30 10:23:47 +0000 |
| commit | d230fb1160aa05627549c019488bdebdcd30d652 (patch) | |
| tree | 417a0585d749e6da3fb7e3492c91247a2fee8cbb | |
| parent | eeedaa6980f8153c09841240313ed7ee088a2cc8 (diff) | |
| download | chromium_src-d230fb1160aa05627549c019488bdebdcd30d652.zip chromium_src-d230fb1160aa05627549c019488bdebdcd30d652.tar.gz chromium_src-d230fb1160aa05627549c019488bdebdcd30d652.tar.bz2 | |
Ensure calling Close and set_listener(NULL) on End().
WebContentsImpl's dtor calls End() but it may not cause
set_listener(NULL) in some case, which may cause a use-after-free.
This CL always reset them at End(). This would mean
DidEndColorChooser() may be called twice, so web_contents_
has to be reset to NULL once DidEndColorChooser() is called.
BUG=338464
R=keishi@chromium.org
Review URL: https://codereview.chromium.org/148223009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@247917 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/browser/ui/views/color_chooser_aura.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/chrome/browser/ui/views/color_chooser_aura.cc b/chrome/browser/ui/views/color_chooser_aura.cc index d7bf7eb..33e9260 100644 --- a/chrome/browser/ui/views/color_chooser_aura.cc +++ b/chrome/browser/ui/views/color_chooser_aura.cc @@ -35,7 +35,7 @@ void ColorChooserAura::OnColorChooserDialogClosed() { } void ColorChooserAura::End() { - if (widget_ && widget_->IsVisible()) { + if (widget_) { view_->set_listener(NULL); widget_->Close(); view_ = NULL; |