authorrvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-02-11 01:32:58 +0000
committerrvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-02-11 01:32:58 +0000
commited1f53ed257c6f79d464092165d4d318c7e7f777 (patch)
tree8728e72810b6bde8cb1e9c39e7edf5376741de0a
parent7258924d59592745795ec1c12eafb20a30625826 (diff)
Fix a browser crash when the async resource handler keeps an
IOBuffer after a failed attempt to send the data to a (now gone) renderer. The shared memory section is unmapped so the buffer must not be kept around and possibly re-used. I'm also fixing a leak reported by purify. BUG=7487 BUG=7374 Review URL: http://codereview.chromium.org/21222 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9540 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--base/shared_memory.h2
-rw-r--r--chrome/browser/renderer_host/async_resource_handler.cc7
2 files changed, 8 insertions, 1 deletions
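--- a/base/shared_memory.h
+++ b/base/shared_memory.h
@@ -113,6 +113,8 @@ class SharedMemory {
 // bool ok = ShareToProcess(process, new_handle);
 // Close();
 // return ok;
+ // Note that the memory is unmapped by calling this method, regardless of the
+ // return value.
 bool GiveToProcess(ProcessHandle process,
 SharedMemoryHandle* new_handle) {
 return ShareToProcessCommon(process, new_handle, true);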
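Review bot: The added note says the memory is unmapped but not what that means for a caller still holding the pointer obtained from memory(): that pointer is dangling once GiveToProcess returns, on success and on failure alike, and must not be read or written again. The comment block above already shows Close() running regardless of the ShareToProcess() result, so the wording could state the consequence directly, e.g. `// Any pointer previously returned by memory() is invalid after this call,` / `// even when it returns false; do not reuse a buffer that wrapped it.` The body of ShareToProcessCommon is outside this hunk, so whether the handle is also closed on the failure path is not visible here.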
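--- a/chrome/browser/renderer_host/async_resource_handler.cc
+++ b/chrome/browser/renderer_host/async_resource_handler.cc
@@ -103,6 +103,8 @@ bool AsyncResourceHandler::OnReadCompleted(int request_id, int* bytes_read) {
 // it's killing our read_buffer_, and we don't want that when we pause
 // the request.
 rdh_->OnDataReceivedACK(render_process_host_id_, request_id);
+ // We just unmapped the memory.
+ read_buffer_ = NULL;
 return false;
 }
 // We just unmapped the memory.
@@ -130,5 +132,8 @@ bool AsyncResourceHandler::OnResponseCompleted(int request_id,
 // static
 void AsyncResourceHandler::GlobalCleanup() {
- spare_read_buffer_ = NULL;
+ if (spare_read_buffer_) {
+ spare_read_buffer_->Release();
+ spare_read_buffer_ = NULL;
+ }
 }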
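Review bot: GlobalCleanup now calls Release() on spare_read_buffer_, which is only correct if the code that stashes a buffer into spare_read_buffer_ also takes a reference for it; that site is outside this hunk, so the count should be confirmed balanced, because an unbalanced Release() here would delete an object something else still points at during shutdown rather than fix the leak. A comment at the assignment site would make the ownership explicit, e.g. `// spare_read_buffer_ holds one reference of its own; GlobalCleanup() drops it.` The new null check also makes GlobalCleanup() safe to call more than once, which is worth stating above the `// static` line. In the OnReadCompleted hunk the `// We just unmapped the memory.` comment now appears twice within a few lines, once inside the failure branch and once after it; a single comment above the branch would cover both assignments.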