From fdbdc954056fd81d6291ccaffae45e849596dd18 Mon Sep 17 00:00:00 2001 From: "shess@chromium.org" Date: Thu, 1 Oct 2009 21:31:18 +0000 Subject: [Mac] Don't crash when selecting closed window from Dock menu. The Dock menu contains an automagic section where you can select amongst open windows. This is wired up to send to the window as a target, but if JavaScript closes the window in the meanwhile, it messages a freed object. This short-circuits the specific selector if the window is no longer valid. http://crbug.com/14003 TEST=Bug contains instructions and an example html file to help. Review URL: http://codereview.chromium.org/259001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@27769 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome/browser/chrome_application_mac.mm | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'chrome/browser') diff --git a/chrome/browser/chrome_application_mac.mm b/chrome/browser/chrome_application_mac.mm index 8c7d860..a94d3aa 100644 --- a/chrome/browser/chrome_application_mac.mm +++ b/chrome/browser/chrome_application_mac.mm @@ -58,4 +58,29 @@ // own. } +- (BOOL)sendAction:(SEL)anAction to:(id)aTarget from:(id)sender { + // The Dock menu contains an automagic section where you can select + // amongst open windows. If a window is closed via JavaScript while + // the menu is up, the menu item for that window continues to exist. + // When a window is selected this method is called with the + // now-freed window as |aTarget|. Short-circuit the call if + // |aTarget| is not a valid window. + if (anAction == @selector(_selectWindow:)) { + // Not using -[NSArray containsObject:] because |aTarget| may be a + // freed object. + BOOL found = NO; + for (NSWindow* window in [self windows]) { + if (window == aTarget) { + found = YES; + break; + } + } + if (!found) { + return NO; + } + } + + return [super sendAction:anAction to:aTarget from:sender]; +} + @end -- cgit v1.1