diff options
author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-02 00:48:55 +0000 |
---|---|---|
committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-02 00:48:55 +0000 |
commit | 37b76dc3b721d4fcad4459af36df4b204b7b630b (patch) | |
tree | 7c993b8e0df3714d4dff968a2d33046421841b28 /chrome/browser/external_tab_container.h | |
parent | b79e05771090e7ff898bad1f9fab1f52080bfb7c (diff) | |
download | chromium_src-37b76dc3b721d4fcad4459af36df4b204b7b630b.zip chromium_src-37b76dc3b721d4fcad4459af36df4b204b7b630b.tar.gz chromium_src-37b76dc3b721d4fcad4459af36df4b204b7b630b.tar.bz2 |
Speculative fix for ChromeFrame crash in bug http://code.google.com/p/chromium/issues/detail?id=29025
The crash occurs while dereferencing the automation channel to send out the SetCookie IPC message on the
automation channel to the host browser. Based on what I could see from the crash dump and the code
it seems like there could be a scenario where the AutomationResourceContext object could be destroyed
while the AutomationCookieStore object is still around and thus ends up with a stale pointer which crashes
when dereferenced.
Fix is to ensure that all related code paths hold on to a refcounted AutomationResourceContext instance.
I will look into whether it is possible to come up with a unit test for this.
Bug=29025
Review URL: http://codereview.chromium.org/450020
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33524 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/external_tab_container.h')
-rw-r--r-- | chrome/browser/external_tab_container.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/chrome/browser/external_tab_container.h b/chrome/browser/external_tab_container.h index 56317d8..4461f7e 100644 --- a/chrome/browser/external_tab_container.h +++ b/chrome/browser/external_tab_container.h @@ -205,7 +205,8 @@ class ExternalTabContainer : public TabContentsDelegate, scoped_ptr<RenderViewContextMenuExternalWin> external_context_menu_; // A message filter to load resources via automation - AutomationResourceMessageFilter* automation_resource_message_filter_; + scoped_refptr<AutomationResourceMessageFilter> + automation_resource_message_filter_; // If all the url requests for this tab are to be loaded via automation. bool load_requests_via_automation_; |