diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-15 22:05:09 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-15 22:05:09 +0000 |
| commit | b443cb04e44619ae051f85389d3fae5ff9258d5d (patch) | |
| tree | 0b8c463848d9219019f3084432553a03b2245312 /chrome | |
| parent | aa7abac6c537c33cf40bda1d6a910ba6e4fb98e9 (diff) | |
| download | chromium_src-b443cb04e44619ae051f85389d3fae5ff9258d5d.zip chromium_src-b443cb04e44619ae051f85389d3fae5ff9258d5d.tar.gz chromium_src-b443cb04e44619ae051f85389d3fae5ff9258d5d.tar.bz2 | |
Speculative fix for a chrome browser crash which occurs with ChromeFrame. Based on the crash dump, the crash
occurs when the external tab container is being destroyed which in turn takes down the automation provider
and the channel, etc. All this occurs in the context of OleUninitialize, which executes after BrowserMain
returns, i.e. the message loop is now invalid, thus causing a crash while attempting to post a task to it.
Based on this call stack it looks like it happens due to the enable-renderer-accessisibility flag.
Fix is to move the OleInitialize/OleUnitialize calls to Platform::WillInitializeMainMessageLoop and
Platform::DidEndMainMessageLoop. The Platform::DidEndMainMessageLoop function now executes as a task which
is posted to the message loop prior to quitting it. This would ensure that the cleanup happens correctly.
Fixes http://code.google.com/p/chromium/issues/detail?id=30383
Bug=30383
Review URL: http://codereview.chromium.org/501011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34611 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/app/chrome_dll_main.cc | 2 | ||||
| -rw-r--r-- | chrome/browser/browser_main.cc | 2 | ||||
| -rw-r--r-- | chrome/browser/browser_main_win.cc | 2 | ||||
| -rw-r--r-- | chrome/browser/browser_process_impl.cc | 19 | ||||
| -rw-r--r-- | chrome/browser/browser_process_impl.h | 16 |
5 files changed, 23 insertions, 18 deletions
diff --git a/chrome/app/chrome_dll_main.cc b/chrome/app/chrome_dll_main.cc index 29beea1..ee75d76 100644 --- a/chrome/app/chrome_dll_main.cc +++ b/chrome/app/chrome_dll_main.cc @@ -45,7 +45,6 @@ #include "base/stats_counters.h" #include "base/stats_table.h" #include "base/string_util.h" -#include "chrome/app/scoped_ole_initializer.h" #include "chrome/browser/diagnostics/diagnostics_main.h" #include "chrome/browser/renderer_host/render_process_host.h" #include "chrome/common/chrome_constants.h" @@ -742,7 +741,6 @@ int ChromeMain(int argc, char** argv) { SetUpGLibLogHandler(); #endif // defined(OS_LINUX) - ScopedOleInitializer ole_initializer; rv = BrowserMain(main_params); } else { NOTREACHED() << "Unknown process type"; diff --git a/chrome/browser/browser_main.cc b/chrome/browser/browser_main.cc index b93b7ff..e8bceff 100644 --- a/chrome/browser/browser_main.cc +++ b/chrome/browser/browser_main.cc @@ -979,8 +979,6 @@ int BrowserMain(const MainFunctionParams& parameters) { process_singleton.Cleanup(); - Platform::DidEndMainMessageLoop(); - if (metrics) metrics->Stop(); diff --git a/chrome/browser/browser_main_win.cc b/chrome/browser/browser_main_win.cc index dca1bba..7138288 100644 --- a/chrome/browser/browser_main_win.cc +++ b/chrome/browser/browser_main_win.cc @@ -31,9 +31,11 @@ namespace Platform { void WillInitializeMainMessageLoop(const MainFunctionParams& parameters) { + OleInitialize(NULL); } void DidEndMainMessageLoop() { + OleUninitialize(); } void RecordBreakpadStatusUMA(MetricsService* metrics) { diff --git a/chrome/browser/browser_process_impl.cc b/chrome/browser/browser_process_impl.cc index 54d7858..f19e6a6 100644 --- a/chrome/browser/browser_process_impl.cc +++ b/chrome/browser/browser_process_impl.cc @@ -11,6 +11,7 @@ #include "base/path_service.h" #include "base/thread.h" #include "base/waitable_event.h" +#include "chrome/browser/browser_main.h" #include "chrome/browser/browser_trial.h" #include "chrome/browser/chrome_thread.h" #include "chrome/browser/debugger/debugger_wrapper.h" @@ -251,6 +252,24 @@ static void PostQuit(MessageLoop* message_loop) { message_loop->PostTask(FROM_HERE, new MessageLoop::QuitTask()); } +unsigned int BrowserProcessImpl::AddRefModule() { + DCHECK(CalledOnValidThread()); + module_ref_count_++; + return module_ref_count_; +} + +unsigned int BrowserProcessImpl::ReleaseModule() { + DCHECK(CalledOnValidThread()); + DCHECK(0 != module_ref_count_); + module_ref_count_--; + if (0 == module_ref_count_) { + MessageLoop::current()->PostTask( + FROM_HERE, NewRunnableFunction(Platform::DidEndMainMessageLoop)); + MessageLoop::current()->Quit(); + } + return module_ref_count_; +} + void BrowserProcessImpl::EndSession() { #if defined(OS_WIN) // Notify we are going away. diff --git a/chrome/browser/browser_process_impl.h b/chrome/browser/browser_process_impl.h index f4b0e7d..51d0cf5 100644 --- a/chrome/browser/browser_process_impl.h +++ b/chrome/browser/browser_process_impl.h @@ -164,21 +164,9 @@ class BrowserProcessImpl : public BrowserProcess, public NonThreadSafe { CreateDebuggerWrapper(port); } - virtual unsigned int AddRefModule() { - DCHECK(CalledOnValidThread()); - module_ref_count_++; - return module_ref_count_; - } + virtual unsigned int AddRefModule(); - virtual unsigned int ReleaseModule() { - DCHECK(CalledOnValidThread()); - DCHECK(0 != module_ref_count_); - module_ref_count_--; - if (0 == module_ref_count_) { - MessageLoop::current()->Quit(); - } - return module_ref_count_; - } + virtual unsigned int ReleaseModule(); virtual bool IsShuttingDown() { DCHECK(CalledOnValidThread()); |