Speculative fix for a ChromeFrame crash reported on the crash server. The crash occurs when the ChromeFrame active document instance is torn

down. This takes down the automation client instance which handles communication with Chrome. When the automation client instance is torn down it tries to stop pending chrome requests which causes a crash because of an invalid url fetcher object. This could only happen if the url fetcher object belongs to a deleted active document instance, which could occur if the automation client instance was reused during a Reinitialize operation which failed. Fix is to tear down the pending url requests at the top of the Reinitialize function before checking for failure cases. Should fix bug http://code.google.com/p/chromium/issues/detail?id=40590 Bug=40590 Review URL: http://codereview.chromium.org/1524015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43797 0039d316-1c4b-4281-b951-d872f2087c98
author: ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-04-07 01:48:07 +0000
committer: ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-04-07 01:48:07 +0000
commit: 07aa2c0b55fd1355d358ace1dad650a7b0526f5a (patch)
tree: 45689e3f602d53f6ff68441dc6709c96b5e61512 /chrome_frame/chrome_frame_automation.cc
parent: 495f05346528f9e059bc4749b0fef1db25146805 (diff)
download: chromium_src-07aa2c0b55fd1355d358ace1dad650a7b0526f5a.zip
chromium_src-07aa2c0b55fd1355d358ace1dad650a7b0526f5a.tar.gz
chromium_src-07aa2c0b55fd1355d358ace1dad650a7b0526f5a.tar.bz2
1 files changed, 7 insertions, 1 deletions
diff --git a/chrome_frame/chrome_frame_automation.cc b/chrome_frame/chrome_frame_automation.cc
index 295bb48..eed34e5 100644
--- a/chrome_frame/chrome_frame_automation.cc
+++ b/chrome_frame/chrome_frame_automation.cc
@@ -537,6 +537,7 @@ void ChromeFrameAutomationClient::Uninitialize() {
   if (url_fetcher_) {
     // Clean up any outstanding requests
     url_fetcher_->StopAllRequests();
+    url_fetcher_ = NULL;
   }
 
   if (tab_.get()) {
@@ -1217,6 +1218,12 @@ void ChromeFrameAutomationClient::PrintTab() {
 bool ChromeFrameAutomationClient::Reinitialize(
     ChromeFrameDelegate* delegate,
     PluginUrlRequestManager* url_fetcher) {
+  if (url_fetcher_) {
+    // Clean up any outstanding requests
+    url_fetcher_->StopAllRequests();
+    url_fetcher_ = NULL;
+  }
+
   if (!tab_.get() || !::IsWindow(chrome_window_)) {
     NOTREACHED();
     DLOG(WARNING) << "ChromeFrameAutomationClient instance reused "
@@ -1229,7 +1236,6 @@ bool ChromeFrameAutomationClient::Reinitialize(
     return false;
   }
 
-  url_fetcher_->StopAllRequests();
   chrome_frame_delegate_ = delegate;
   DeleteAllPendingTasks();
   SetUrlFetcher(url_fetcher);
author	ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-04-07 01:48:07 +0000
committer	ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-04-07 01:48:07 +0000
commit	07aa2c0b55fd1355d358ace1dad650a7b0526f5a (patch)
tree	45689e3f602d53f6ff68441dc6709c96b5e61512 /chrome_frame/chrome_frame_automation.cc
parent	495f05346528f9e059bc4749b0fef1db25146805 (diff)
download	chromium_src-07aa2c0b55fd1355d358ace1dad650a7b0526f5a.zip chromium_src-07aa2c0b55fd1355d358ace1dad650a7b0526f5a.tar.gz chromium_src-07aa2c0b55fd1355d358ace1dad650a7b0526f5a.tar.bz2