Google Git
Sign in
chromium / chromium / src / 21576dbba343f81c6b7c02221ffa11542ffbae72
commit21576dbba343f81c6b7c02221ffa11542ffbae72[log] [tgz]
authorDavid Bokan <bokan@chromium.org>Thu Feb 07 21:57:32 2019
committerCommit Bot <commit-bot@chromium.org>Thu Feb 07 21:57:32 2019
tree537cc33515ff40bc0656949509826b7e36919a13
parentc7932a5401fd950bacfb01a2d3f88999f36cb3f0 [diff]
Fix nullptr scrollbar crash

Not sure how this can happen. ScrollbarsFor somehow returns a nullptr in
the ScrollbarSet. This must mean ToScrollbarLayer returns nullptr. This
method returns nullptr in the base and this in the
ScrollbarLayerImplBase override. Therefore the LayerToId muse be
returning a non-scrollbar layer.

The only time we add anything to element_id_to_scrollbar_layer_ids_
though is from LTI::RegisterScrollbar which is necessarily a scrollbar
layer. I think this means the Layer with the scrollbar layer's ID at
some point changes to a different layer. The ID-to-Layer mapping is
cleared when a layer is destroyed and the scrollbar layer clears the
element_id_to_scrollbar_layer_ids_ mapping in its destructor so I'm
speculating that we might be registering a new non-scrollbar layer with
the same id. I've converted the DCHECK to a CHECK at that location to
see if it comes back with any crashes from the wild.

Bug: 924068
Change-Id: I9bb15812aeda0a2c92d2547a52af9fbdbacc65b0
Reviewed-on: https://chromium-review.googlesource.com/c/1435686
Reviewed-by: Robert Flack <flackr@chromium.org>
Reviewed-by: David Bokan <bokan@chromium.org>
Commit-Queue: David Bokan <bokan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#630059}
1 file changed
tree: 537cc33515ff40bc0656949509826b7e36919a13
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chrome_elf/
  11. chromecast/
  12. chromeos/
  13. cloud_print/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. fuchsia/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. mash/
  33. media/
  34. mojo/
  35. native_client_sdk/
  36. net/
  37. pdf/
  38. ppapi/
  39. printing/
  40. remoting/
  41. rlz/
  42. sandbox/
  43. services/
  44. skia/
  45. sql/
  46. storage/
  47. styleguide/
  48. testing/
  49. third_party/
  50. tools/
  51. ui/
  52. url/
  53. .clang-format
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .vpython
  60. AUTHORS
  61. BUILD.gn
  62. CODE_OF_CONDUCT.md
  63. codereview.settings
  64. DEPS
  65. ENG_REVIEW_OWNERS
  66. LICENSE
  67. LICENSE.chromium_os
  68. OWNERS
  69. PRESUBMIT.py
  70. PRESUBMIT_test.py
  71. PRESUBMIT_test_mocks.py
  72. README.md
  73. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .