diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-02 21:45:50 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-02 21:45:50 +0000 |
| commit | 87339f0bdb7fa60bad0616348a6a2aa705d4716a (patch) | |
| tree | 9e2eae044d261554c1fc53c8d5d303d8ae94f9db /ipc/ipc_channel_proxy.cc | |
| parent | 1573dea0f088e514aacff7cdd706f18ec688b0dd (diff) | |
| download | chromium_src-87339f0bdb7fa60bad0616348a6a2aa705d4716a.zip chromium_src-87339f0bdb7fa60bad0616348a6a2aa705d4716a.tar.gz chromium_src-87339f0bdb7fa60bad0616348a6a2aa705d4716a.tar.bz2 | |
Fix a chrome browser crash observed in chrome frame reliability test runs. The crash occurs
when the automation channel is being torn down and a Send on the channel is attempted after
the channel has been closed.
We crash while dereferencing a NULL channel pointer in OnSendMessage task.
Fix is to add a check for the same.
Fixes bug http://code.google.com/p/chromium/issues/detail?can=2&q=54115
Bug=54115
Test=Covered by new ipc sync channel test.
Review URL: http://codereview.chromium.org/3337004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@58408 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ipc/ipc_channel_proxy.cc')
| -rw-r--r-- | ipc/ipc_channel_proxy.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ipc/ipc_channel_proxy.cc b/ipc/ipc_channel_proxy.cc index 6af4d73..ddf1ec8 100644 --- a/ipc/ipc_channel_proxy.cc +++ b/ipc/ipc_channel_proxy.cc @@ -155,6 +155,11 @@ void ChannelProxy::Context::OnChannelClosed() { // Called on the IPC::Channel thread void ChannelProxy::Context::OnSendMessage(Message* message) { + if (!channel_) { + delete message; + OnChannelClosed(); + return; + } if (!channel_->Send(message)) OnChannelError(); } |