From 10519fde25eb61bdd4e3c5e21e99c6416e68d4ed Mon Sep 17 00:00:00 2001 From: "erg@google.com" Date: Tue, 3 Mar 2009 00:21:40 +0000 Subject: Fix crash introduced in r10563 where we modified a RenderWidgetHost after it had been deallocated. Review URL: http://codereview.chromium.org/27363 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@10751 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome/browser/renderer_host/render_widget_host.cc | 11 ++++++++--- chrome/browser/renderer_host/render_widget_host.h | 5 ++++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/chrome/browser/renderer_host/render_widget_host.cc b/chrome/browser/renderer_host/render_widget_host.cc index f75d2e6..1050ec7 100644 --- a/chrome/browser/renderer_host/render_widget_host.cc +++ b/chrome/browser/renderer_host/render_widget_host.cc @@ -575,11 +575,16 @@ void RenderWidgetHost::OnMsgInputEventAck(const IPC::Message& message) { r = message.ReadBool(&iter, &processed); DCHECK(r); + KeyQueue::value_type front_item = key_queue_.front(); + key_queue_.pop(); + if (!processed) { - UnhandledKeyboardEvent(key_queue_.front()); - } + UnhandledKeyboardEvent(front_item); - key_queue_.pop(); + // WARNING: This RenderWidgetHost can be deallocated at this point + // (i.e. in the case of Ctrl+W, where the call to + // UnhandledKeyboardEvent destroys this RenderWidgetHost). + } } } } diff --git a/chrome/browser/renderer_host/render_widget_host.h b/chrome/browser/renderer_host/render_widget_host.h index 647c893..0a749b8 100644 --- a/chrome/browser/renderer_host/render_widget_host.h +++ b/chrome/browser/renderer_host/render_widget_host.h 
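Review bot: The lifetime hazard on the `!processed` path is recorded only by a comment placed after `UnhandledKeyboardEvent(front_item);`, so nothing stops a later edit from touching a member after that call and bringing the use-after-free back. I would state the rule ahead of the call and leave the function at once: `// |this| may be deleted by this call; do not touch members afterwards.` above it and `return;` directly after it. The comment's "i.e." should read "e.g.", since Ctrl+W is given as one example of the handler destroying the host. Separately, `key_queue_.front()` and `key_queue_.pop()` are both called on every ACK that reaches this block, and calling them on an empty `std::queue` is undefined behaviour. The ACK originates in the renderer and the enclosing function starts outside the hunk, so it is worth confirming that an emptiness check guards this block.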
@@ -352,10 +352,13 @@ class RenderWidgetHost : public IPC::Channel::Listener { // operation to finish. base::TimeTicks repaint_start_time_; + // Queue of keyboard events that we need to track. + typedef std::queue KeyQueue; + // A queue of keyboard events. We can't trust data from the renderer so we // stuff key events into a queue and pop them out on ACK, feeding our copy // back to whatever unhandled handler instead of the returned version. - std::queue key_queue_; + KeyQueue key_queue_; DISALLOW_COPY_AND_ASSIGN(RenderWidgetHost); }; -- cgit v1.1