authordhollowa@chromium.org <dhollowa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-25 16:39:52 +0000
committerdhollowa@chromium.org <dhollowa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-25 16:39:52 +0000
commit31c4ba5a77ec1c64505f7a5638fae75355f1d98d (patch)
tree2f047e069c3f76508672d4439decb296a4f4719c /views/widget/widget.cc
parentc60d7c184378e3e1b78c8ab255306c60cfcc9dae (diff)
Views views_unittests FocusManagerTest.FocusNativeControls use after free
Fixes issue where NativeTabbedPaneGtk gets retained by the top-level FocusManager during the Widget::Close tear-down sequence. This fix clears focus before proceeding with the tear-down. This avoids redundant operations with the FocusManager as views get deleted, specifically in the FocusManager::ViewRemoved() call. Caught by Valgrind as a use after free violation: sh tools/valgrind/chrome_tests.sh views --gtest_filter=FocusManagerTest.FocusNativeControls BUG=89596 TEST=tools/valgrind/chrome_tests.sh views --gtest_filter=FocusManagerTest.FocusNativeControls Review URL: http://codereview.chromium.org/7468037 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93894 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'views/widget/widget.cc')
-rw-r--r--views/widget/widget.cc9
1 files changed, 9 insertions, 0 deletions
diff --git a/views/widget/widget.cc b/views/widget/widget.cc
index d00168c..bfead84 100644
--- a/views/widget/widget.cc
+++ b/views/widget/widget.cc
@@ -423,6 +423,15 @@ void Widget::Close() {
can_close = non_client_view_->CanClose();
if (can_close) {
SaveWindowPosition();
+
+ // During tear-down the top-level focus manager becomes unavailable to
+ // GTK tabbed panes and their children, so normal deregistration via
+ // |FormManager::ViewRemoved()| calls are fouled. We clear focus here
+ // to avoid these redundant steps and to avoid accessing deleted views
+ // that may have been in focus.
+ if (GetTopLevelWidget() == this && focus_manager_.get())
+ focus_manager_->SetFocusedView(NULL);
+
native_widget_->Close();
widget_closed_ = true;
}
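Review bot: The focus clear guarded by the added `if (GetTopLevelWidget() == this && focus_manager_.get())` only covers a top-level widget torn down through this branch of `Widget::Close()`. The stale focused-view pointer that Valgrind reported can presumably still arise when a child widget holding the focused view is closed, or when teardown starts from a path that skips this branch; neither case is visible in the hunk, so this needs confirming. It may be more robust for the FocusManager itself to drop its focused-view pointer whenever that view is removed or its widget is destroyed, rather than relying on each caller to clear focus first. The added comment also names `FormManager::ViewRemoved()` where the commit message says `FocusManager::ViewRemoved()`, so I would change that line to `// |FocusManager::ViewRemoved()| calls are fouled. We clear focus here`. `Widget::Close()` begins and ends outside the hunk.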