commit | 6ce99156c5fa4bd0a03ddb01813d0bcc9c2508a5 | [log] [tgz] |
---|---|---|
author | Ehsan Karamad <ekaramad@chromium.org> | Fri May 24 16:36:04 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Fri May 24 16:36:04 2019 |
tree | 44e010ce07bd0ed7e86e8d45200cdfe32630506e | |
parent | e1bb98d23e29bce47fc0c3f5769985eda4ffb557 [diff] |
[ MimeHandlerView ] Provisional fix for a browser crash

When a MimeHandlerView related resource is intercepted by the PluginResponseInterceptorURLLoaderThrottle, loading is deferred to when a MimeHandlerViewEmbedder is created on UI thread. However, this has caused browser crashes on IO thread when PRIULT resumes loading. The reason could be that PRIULT has *somehow* gone away and since the callback uses the raw pointer for binding, it might be causing a UaF. This CL uses a weak pointer for the callback as a provisional fix.

Bug: 966793
Change-Id: I24d8913ccb8fec52eb588b654febbb42f0880a15
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1626339
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Ehsan Karamad <ekaramad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#663112}
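The lifetime problem the commit message describes, as an added C++ example that is not Chromium code: a deferred callback bound to a raw pointer next to one bound to a weak pointer. `std::weak_ptr` stands in for Chromium's `base::WeakPtr`, and `TaskQueue`, `Throttle` and `ResumeCountWithWeakBinding` are hypothetical names.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Stand-in task runner (not Chromium's): posted closures run later.
class TaskQueue {
 public:
  void Post(std::function<void()> task) { tasks_.push_back(std::move(task)); }
  void RunAll() {
    std::vector<std::function<void()>> pending;
    pending.swap(tasks_);
    for (auto& task : pending) task();
  }
 private:
  std::vector<std::function<void()>> tasks_;
};

// Hypothetical throttle that defers loading and is resumed by a callback.
class Throttle : public std::enable_shared_from_this<Throttle> {
 public:
  explicit Throttle(int* resumed) : resumed_(resumed) {}
  void Resume() { ++*resumed_; }
  // Raw binding: the closure keeps `this` with no lifetime check, so
  // running it after the throttle is destroyed is a use-after-free.
  std::function<void()> BindRaw() { return [this] { Resume(); }; }
  // Weak binding: the closure re-checks liveness when it runs and is a
  // no-op once the throttle is gone.
  std::function<void()> BindWeak() {
    std::weak_ptr<Throttle> weak = shared_from_this();
    return [weak] { if (auto self = weak.lock()) self->Resume(); };
  }
 private:
  int* resumed_;
};

// Posts a weakly bound resume, optionally destroys the throttle before
// the queue runs, and returns how many times Resume() executed.
int ResumeCountWithWeakBinding(bool destroy_before_run) {
  int resumed = 0;
  TaskQueue queue;
  auto throttle = std::make_shared<Throttle>(&resumed);
  queue.Post(throttle->BindWeak());
  if (destroy_before_run) throttle.reset();
  queue.RunAll();
  return resumed;
}
```

Unlike `base::WeakPtr`, `std::weak_ptr::lock()` takes shared ownership for the duration of the call, so this sketch shows the cancel-on-destruction behaviour, not Chromium's sequence rules.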
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.