authorphajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-27 12:22:05 +0000
committerphajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-27 12:22:05 +0000
commitcb793485ece8cf39cd13d1b365f8c570c6775ca3 (patch)
treea6ec918306db0c9526ba1fd5ad913d269d5e484a /chrome/browser/cocoa
parente8fa42e23401cded7df5bc4da7fd166bbebb413c (diff)
[Mac] Fix a memory corruption when closing a JS modal dialog.
JSModalDialogCocoa::CloseAppModalDialog was calling [NSApp endSheet], which in turn was deleting the JSModalDialogCocoa (via a scoped_ptr in alertDidEnd). After that, CloseAppModalDialog was writing NULL to the alert_ member variable, but by then the object had already been deleted, so the write was corrupting memory. GuardMalloc detected this corruption very quickly. It was also causing BrowserTest.JavascriptAlertActivatesTab to crash flakily on Mac. This change re-enables that test. The bug contains more details, context, and stack traces. BUG=54896 TEST=browser_tests Review URL: http://codereview.chromium.org/5318007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67493 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/cocoa')
-rw-r--r--chrome/browser/cocoa/js_modal_dialog_cocoa.mm4
1 files changed, 3 insertions, 1 deletions
diff --git a/chrome/browser/cocoa/js_modal_dialog_cocoa.mm b/chrome/browser/cocoa/js_modal_dialog_cocoa.mm
index 4bc8784..ff1d349 100644
--- a/chrome/browser/cocoa/js_modal_dialog_cocoa.mm
+++ b/chrome/browser/cocoa/js_modal_dialog_cocoa.mm
@@ -191,8 +191,10 @@ void JSModalDialogCocoa::ActivateAppModalDialog() {
void JSModalDialogCocoa::CloseAppModalDialog() {
DCHECK([alert_ isKindOfClass:[NSAlert class]]);
+
+ // Note: the call below will delete |this|,
+ // see JavaScriptAppModalDialogHelper's alertDidEnd.
[NSApp endSheet:[alert_ window]];
- alert_ = NULL;
}
void JSModalDialogCocoa::AcceptAppModalDialog() {
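Review bot: The comment added in CloseAppModalDialog says that `[NSApp endSheet:[alert_ window]]` deletes `this`, but it does not say that the call must stay the last statement in the method, which is exactly the invariant the removed `alert_ = NULL` write broke. I would word it as `// Must remain the last statement: the call below deletes |this| (see JavaScriptAppModalDialogHelper's alertDidEnd), so no member may be read or written afterwards.` so that a later edit does not reintroduce a write to freed memory. The same lifetime contract presumably applies to callers, whose pointer to the dialog is dangling once this method returns; that belongs in a comment on the declaration, which is outside this hunk. Keeping the re-enabled browser test running under GuardMalloc, as the description mentions, is what would catch a regression here.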