From b1fc294270003c25ffebf7d3cf4381b93cf91c40 Mon Sep 17 00:00:00 2001
From: "klink@chromium.org"
 <klink@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Sat, 11 Oct 2008 03:30:04 +0000
Subject: Fixes a null pointer bug, and adds null checks around potentially
 dying process and channel.

Review URL: http://codereview.chromium.org/7099

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3268 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/browser/browser_accessibility_manager.cc | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'chrome/browser')

diff --git a/chrome/browser/browser_accessibility_manager.cc b/chrome/browser/browser_accessibility_manager.cc
index f2755c0..51b7654 100644
--- a/chrome/browser/browser_accessibility_manager.cc
+++ b/chrome/browser/browser_accessibility_manager.cc
@@ -103,10 +103,14 @@ bool BrowserAccessibilityManager::RequestAccessibilityInfo(
       new ViewMsg_GetAccessibilityInfo(
           members->render_widget_host_->routing_id(), in_params, &out_params_);
 
-  // Necessary for the send to keep the UI responsive.
-  msg->EnableMessagePumping();
-  bool success = members->render_widget_host_->process()->channel()->
-      SendWithTimeout(msg, kAccessibilityMessageTimeOut);
+  bool success = false;
+  if (members->render_widget_host_->process() &&
+      members->render_widget_host_->process()->channel()) {
+    // Necessary for the send to keep the UI responsive.
+    msg->EnableMessagePumping();
+    success = members->render_widget_host_->process()->channel()->
+        SendWithTimeout(msg, kAccessibilityMessageTimeOut);
+  }
 
   return success;
 }
@@ -157,11 +161,13 @@ void BrowserAccessibilityManager::Observe(NotificationType type,
 
   // Set BrowserAccessibility instance to inactive state.
   it->second->set_instance_active(false);
-  render_process_host_map_.erase(it);
 
   // Delete entry also from InstanceMap.
   InstanceMap::iterator it2 = instance_map_.find(it->second->instance_id());
 
   if (it2 != instance_map_.end())
     instance_map_.erase(it2);
+
+  // Only delete the first entry once it is no longer in use.
+  render_process_host_map_.erase(it);
 }
-- 
cgit v1.1