diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-05-21 05:38:33 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-05-21 05:38:33 +0000 |
| commit | 03269cf96713c7b44cf7fe1f8241d0b2e33a7ab6 (patch) | |
| tree | 89ecf2efdfac3bfabf7d154a7ced1f8b55fe106e /chrome/browser/renderer_host/render_widget_host.cc | |
| parent | 8ad7b84b3d681bc57732272117019350521557cd (diff) | |
| download | chromium_src-03269cf96713c7b44cf7fe1f8241d0b2e33a7ab6.zip chromium_src-03269cf96713c7b44cf7fe1f8241d0b2e33a7ab6.tar.gz chromium_src-03269cf96713c7b44cf7fe1f8241d0b2e33a7ab6.tar.bz2 | |
The underlying view_ can be NULL while processing a ViewHostMsg_PaintRect IPC message. Attempting
to prepare a backing store for a NULL view fails and crashes subsequently due to a NULL pointer dereference.
This fixes http://code.google.com/p/chromium/issues/detail?id=12167
Bug=12167
Review URL: http://codereview.chromium.org/113677
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16582 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/renderer_host/render_widget_host.cc')
| -rw-r--r-- | chrome/browser/renderer_host/render_widget_host.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/chrome/browser/renderer_host/render_widget_host.cc b/chrome/browser/renderer_host/render_widget_host.cc index 62e09d7..9e196e9 100644 --- a/chrome/browser/renderer_host/render_widget_host.cc +++ b/chrome/browser/renderer_host/render_widget_host.cc @@ -688,6 +688,10 @@ void RenderWidgetHost::OnMsgShowPopup(const IPC::Message& message) { void RenderWidgetHost::PaintBackingStoreRect(TransportDIB* bitmap, const gfx::Rect& bitmap_rect, const gfx::Size& view_size) { + // The view may be destroyed already. + if (!view_) + return; + if (is_hidden_) { // Don't bother updating the backing store when we're hidden. Just mark it // as being totally invalid. This will cause a complete repaint when the |