chromium_src.git - central chromium sources

diff options

author	jdufault <jdufault@chromium.org>	2016-01-06 17:54:42 -0800
committer	Commit bot <commit-bot@chromium.org>	2016-01-07 01:55:50 +0000
commit	ac8fb6f2be2c9638d14ae0b4d69a206f979e1b25 (patch)
tree	f7e79d338ee66656cb6726da43df2c47e3ef2288 /cc
parent	323d7f4e6206bbea77d21f65beae92565ba92fa0 (diff)
download	chromium_src-ac8fb6f2be2c9638d14ae0b4d69a206f979e1b25.zip chromium_src-ac8fb6f2be2c9638d14ae0b4d69a206f979e1b25.tar.gz chromium_src-ac8fb6f2be2c9638d14ae0b4d69a206f979e1b25.tar.bz2

Fix crash when initializing CastConfigDelegateMediaRouter.

Calling CastConfigDelegateMediaRouter::RequestDeviceRefresh allocates a CastDeviceCache instance if there isn't one yet. The CastDeviceCache constructor ended up invoking CastDeviceCache::OnSinksReceived, which ends up calling CastConfigDelegateMediaRouter::RequestDeviceRefresh. Since the CastDeviceCache constructor hasn't returned yet, RequestDeviceRefresh creates another CastDeviceCache instance. This continues until the stack runs out of space and Chrome crashes. The fix is to separate CastDeviceCache construction and initialization, so that CastConfigDelegateMediaRouter::RequestDeviceRefresh updates the CastDeviceCache pointer before RequestDeviceRefresh is invoked again. When RequestDeviceRefresh gets called from the Init function, it will skip constructing the CastDeviceCache instance since it already exists. BUG=571111 Review URL: https://codereview.chromium.org/1568533004 Cr-Commit-Position: refs/heads/master@{#367984}

Diffstat (limited to 'cc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: