Fix method call on potentially deleted object in NativeWidgetViews.

The problem was that I was unconditionally calling set_delete_native_widget() from the NativeWidgetViews destructor, which is wrong if the NativeWidgetView has already been destroyed with its view hierarchy.  The unconditional call is correct in the NativeWidgetView destructor because it must prevent itself from being deleted again even if it does not delete the NativeWidgetViews (WIDGET_OWNS_NATIVE_WIDGET case) and is safe because the NativeWidgetViews lifetime is always longer than its NativeWidgetView.

BUG=chromium:90484
TEST=valgrind out/Debug/views_unittests --gtest_filter="WidgetOwnershipTest.*ViewsNativeWidget*" --single-process


Review URL: http://codereview.chromium.org/7461082

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94336 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 5 insertions, 0 deletions

diff --git a/views/widget/native_widget_view.cc b/views/widget/native_widget_view.cc
index 3be3d33..911170d 100644
--- a/views/widget/native_widget_view.cc
+++ b/views/widget/native_widget_view.cc
@@ -22,6 +22,11 @@ NativeWidgetView::NativeWidgetView(NativeWidgetViews* native_widget)
 }
 
 NativeWidgetView::~NativeWidgetView() {
+  // Don't let NativeWidgetViews delete this again.  This must be outside
+  // the |delete_native_widget_| clause so it gets invoked for
+  // WIDGET_OWNS_NATIVE_WIDGET.  It is safe because |native_widget_| will
+  // still exist in both ways NativeWidgetView can be destroyed: by view
+  // hierarchy teardown and from the NativeWidgetViews destructor.
   native_widget_->set_delete_native_view(false);
   if (delete_native_widget_)
     delete native_widget_;