diff options
| author | sky@chromium.org <sky@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-02 20:42:16 +0000 |
|---|---|---|
| committer | sky@chromium.org <sky@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-02 20:42:16 +0000 |
| commit | a787b435d2a22495d9968aec60b3c0d2032dccdb (patch) | |
| tree | f4e114af6c312041cc6468c3befa59fce44bc48b /chrome/browser/ui/browser.cc | |
| parent | 951bdb1959db46632d8c8d00d2dc76d5f9529bb5 (diff) | |
| download | chromium_src-a787b435d2a22495d9968aec60b3c0d2032dccdb.zip chromium_src-a787b435d2a22495d9968aec60b3c0d2032dccdb.tar.gz chromium_src-a787b435d2a22495d9968aec60b3c0d2032dccdb.tar.bz2 | |
Fixes possible crash in Browser::OpenApplicationTab. The problem is
that OpenURL() may swap WebContents (can happen with
pre-rendering). If OpenURL did swap the WebContents, and we need to
pin the tab then we reset tab_index to -1 and ActivateTabAt crashes.
BUG=124689
TEST=none (test scenario is hard to exercise)
R=ben@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10313004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@134986 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/ui/browser.cc')
| -rw-r--r-- | chrome/browser/ui/browser.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc index a590325..e2d6613 100644 --- a/chrome/browser/ui/browser.cc +++ b/chrome/browser/ui/browser.cc @@ -901,8 +901,11 @@ WebContents* Browser::OpenApplicationTab(Profile* profile, content::Referrer(existing_tab->GetURL(), WebKit::WebReferrerPolicyDefault), disposition, content::PAGE_TRANSITION_LINK, false)); + // Reset existing_tab as OpenURL() may have clobbered it. + existing_tab = browser->GetSelectedWebContents(); if (params.tabstrip_add_types & TabStripModel::ADD_PINNED) { model->SetTabPinned(tab_index, true); + // Pinning may have moved the tab. tab_index = model->GetWrapperIndex(existing_tab); } if (params.tabstrip_add_types & TabStripModel::ADD_ACTIVE) |