author | aelias@chromium.org <aelias@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-01 01:58:53 +0000 |
---|---|---|
committer | aelias@chromium.org <aelias@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-01 01:58:53 +0000 |
commit | 6eb21c09019e8b274b09bd726a7242a53ecb676a (patch) | |
tree | f8a53d724a444fc1a7db8f198057b6cf7710746b | |
parent | db8495105e87459ebee2376bdfeaf4abddc744b5 (diff) | |
Merge 260579 "Android: Fix null ptr deref"
> Android: Fix null ptr deref
>
> With r258476 it became possible to call RunAckCallbacks() after
> host_ was reset to NULL from Destroy().
>
> ReleaseLocksOnSurface() can call InternalSwapCompositorFrame()
> which queues an ACK if we are visible.
>
> Make sure that when we call SetContentViewCore(NULL) the first
> time while |host_| is still valid, we are not left with an unsent
> ACK.
>
> BUG=278466
> NOTRY=True
>
> Review URL: https://codereview.chromium.org/212123011
TBR=sievers@chromium.org
Review URL: https://codereview.chromium.org/220233003
git-svn-id: svn://svn.chromium.org/chrome/branches/1847/src@260744 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | content/browser/renderer_host/render_widget_host_view_android.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/content/browser/renderer_host/render_widget_host_view_android.cc b/content/browser/renderer_host/render_widget_host_view_android.cc index c3f88ef..5f781cd 100644 --- a/content/browser/renderer_host/render_widget_host_view_android.cc +++ b/content/browser/renderer_host/render_widget_host_view_android.cc @@ -420,6 +420,7 @@ void RenderWidgetHostViewAndroid::ReleaseLocksOnSurface() { while (locks_on_frame_count_ > 0) { UnlockCompositingSurface(); } + RunAckCallbacks(); } gfx::Rect RenderWidgetHostViewAndroid::GetViewBounds() const { @@ -740,6 +741,7 @@ void RenderWidgetHostViewAndroid::OnAcceleratedCompositingStateChange() { void RenderWidgetHostViewAndroid::SendDelegatedFrameAck( uint32 output_surface_id) { + DCHECK(host_); cc::CompositorFrameAck ack; if (resource_collection_.get()) resource_collection_->TakeUnusedResourcesForChildCompositor(&ack.resources); @@ -1396,8 +1398,6 @@ void RenderWidgetHostViewAndroid::DidStopFlinging() { void RenderWidgetHostViewAndroid::SetContentViewCore( ContentViewCoreImpl* content_view_core) { - RunAckCallbacks(); - RemoveLayers(); // TODO: crbug.com/324341 // WindowAndroid and Compositor should outlive all WebContents. @@ -1453,7 +1453,7 @@ void RenderWidgetHostViewAndroid::OnLostResources() { if (delegated_renderer_layer_.get()) DestroyDelegatedContent(); texture_id_in_layer_ = 0; - RunAckCallbacks(); + DCHECK(ack_callbacks_.empty()); } // static |
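Review bot: The new `RunAckCallbacks();` at the end of ReleaseLocksOnSurface() carries no comment, yet the `DCHECK(ack_callbacks_.empty())` added in OnLostResources() now relies on this call having drained the queue. I would add `// Unlocking may queue an ACK via InternalSwapCompositorFrame(); send it now while host_ is still valid.` directly above it. The callers of ReleaseLocksOnSurface() are outside the hunk, so it is not visible here whether every one of them runs before Destroy() resets host_; that should be confirmed. The function's signature appears only in the hunk header.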
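Review bot: `DCHECK(host_);` at the top of SendDelegatedFrameAck() is compiled out of release builds, so on this release branch it documents the invariant but does not stop a null `host_` from being dereferenced. The use of `host_` is presumably further down the function, past the end of the hunk. If the ordering fix is not trusted to cover every path, shipped builds are only protected by an explicit guard such as `if (!host_) return;`, or by `CHECK(host_);` for a controlled crash. The same applies to `DCHECK(ack_callbacks_.empty());` in OnLostResources(): in a release build a non-empty queue would be left unsent without any signal, so a comment there naming the call that is expected to have emptied it would help.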