diff options
| author | paulg@google.com <paulg@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-04-02 22:59:23 +0000 |
|---|---|---|
| committer | paulg@google.com <paulg@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-04-02 22:59:23 +0000 |
| commit | 9e78a0246df0ff78794439a2f5b4be25df056b2c (patch) | |
| tree | 5ec60ef1d86e879997d7364eb2a4d9aba1c800aa | |
| parent | 696f79c12210763412e71b96f24ceb9655dce03d (diff) | |
| download | chromium_src-9e78a0246df0ff78794439a2f5b4be25df056b2c.zip chromium_src-9e78a0246df0ff78794439a2f5b4be25df056b2c.tar.gz chromium_src-9e78a0246df0ff78794439a2f5b4be25df056b2c.tar.bz2 | |
Speculative fix for a crash in resource handlers.
Investigating the crash dumps for this bug, it looks like
under certain network error conditions, the resource handlers
are freed before the SafeBrowsing check has completed. When
the check runs, it calls into invalid memory and crashes.
BUG=8544 (http://crbug.com/8544)
Review URL: http://codereview.chromium.org/60043
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@13052 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/browser/renderer_host/safe_browsing_resource_handler.cc | 7 | ||||
| -rw-r--r-- | chrome/browser/renderer_host/safe_browsing_resource_handler.h | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/chrome/browser/renderer_host/safe_browsing_resource_handler.cc b/chrome/browser/renderer_host/safe_browsing_resource_handler.cc index 0d0d058..22c6873 100644 --- a/chrome/browser/renderer_host/safe_browsing_resource_handler.cc +++ b/chrome/browser/renderer_host/safe_browsing_resource_handler.cc @@ -37,6 +37,13 @@ SafeBrowsingResourceHandler::SafeBrowsingResourceHandler( } } +SafeBrowsingResourceHandler::~SafeBrowsingResourceHandler() { + // If we're being deleted before the SafeBrowsing check has completed, cancel + // the check. + if (in_safe_browsing_check_) + safe_browsing_->CancelCheck(this); +} + bool SafeBrowsingResourceHandler::OnUploadProgress(int request_id, uint64 position, uint64 size) { diff --git a/chrome/browser/renderer_host/safe_browsing_resource_handler.h b/chrome/browser/renderer_host/safe_browsing_resource_handler.h index a3c74ba..1585e35 100644 --- a/chrome/browser/renderer_host/safe_browsing_resource_handler.h +++ b/chrome/browser/renderer_host/safe_browsing_resource_handler.h @@ -24,6 +24,7 @@ class SafeBrowsingResourceHandler : public ResourceHandler, ResourceType::Type resource_type, SafeBrowsingService* safe_browsing, ResourceDispatcherHost* resource_dispatcher_host); + ~SafeBrowsingResourceHandler(); // ResourceHandler implementation: bool OnUploadProgress(int request_id, uint64 position, uint64 size); |