Defer reload in CookieControls bubble to fix race condition.

PROBLEM
A crash would occur when the user triggered the reloading UI, which
starts a spinner animation and immediately begins a page reload.

CAUSE
The spinner (Throbber) uses a timer with callbacks bound to a WeakPtr.
If Reload is triggered immediately after the user presses the button,
the associated widget/view may be destroyed before the timer stops. This
leads to a use-after-free when the Throbber tries to schedule paint
callbacks on a now-invalidated widget.

FIX
This change serializes these operations, and the `Reload()` call is now
deferred. The delayed task callback first stops the spinner animation
and begins closing the bubble. Only after the UI is safely being torn
down is the page reload initiated. A 200ms delay is used to ensure the
spinner is visible before the reload begins.

Note -- this change ends up making the reloading timeout for the TP UI
bubble obsolete (since we close the bubble after a fixed amount of
time). Once I've verified this fix in canary I'll send a followup to
clean up the timeout metrics.

Bug b:425927824

Change-Id: I5bce0bd81a92abc1222734e5ee87375d0b62dad7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6668278
Reviewed-by: Kevin Graney <kmg@google.com>
Commit-Queue: Michelle Abreo <michelleabreo@google.com>
Cr-Commit-Position: refs/heads/main@{#1478504}
5 files changed
tree: e45d48cf0265a4168244defac612c62921dd5e75
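The ordering problem described in the commit message, as an added example that is not Chromium code. It is a constructed single-threaded model: `Loop`, `Bubble`, `Run` and the liveness flag are hypothetical names, and a posted task stands in for the 200ms delayed task. Instead of dereferencing freed memory, it counts timer ticks that arrive after the widget is gone.

```cpp
#include <deque>
#include <functional>
#include <utility>

// Constructed single-threaded model; none of these types are Chromium's.
struct Loop {  // FIFO task queue standing in for the UI thread
  std::deque<std::function<void()>> tasks;
  void Post(std::function<void()> t) { tasks.push_back(std::move(t)); }
  void RunAll() {
    while (!tasks.empty()) {
      auto t = std::move(tasks.front()); tasks.pop_front();
      t();  // a task may post further tasks
    }
  }
};

struct Bubble {
  Loop& loop;
  bool widget_alive = true;  // cleared when the reload tears the view down
  bool spinning = false;
  bool closing = false;
  int paints = 0, stale_paints = 0;  // stale = tick that found no widget
  explicit Bubble(Loop& l) : loop(l) {}
  void Tick() {  // spinner timer callback
    if (!spinning) return;
    if (!widget_alive) { ++stale_paints; return; }  // the use-after-free point
    ++paints;
    loop.Post([this] { Tick(); });  // re-arm the timer
  }
  void StartSpinner() { spinning = true; loop.Post([this] { Tick(); }); }
  void StopSpinner() { spinning = false; }
  void Close() { closing = true; }
  void Reload() { widget_alive = false; }
};

struct Result { int paints; int stale_paints; };

// deferred=false: reload right after the spinner starts (old ordering).
// deferred=true: one posted task stops the spinner, starts closing the
// bubble, then reloads (the ordering the commit message describes).
Result Run(bool deferred) {
  Loop loop;
  Bubble b{loop};
  b.StartSpinner();
  if (deferred) loop.Post([&b] { b.StopSpinner(); b.Close(); b.Reload(); });
  else b.Reload();
  loop.RunAll();
  return {b.paints, b.stale_paints};
}
```

In the model, the immediate ordering leaves one armed tick that fires against a destroyed widget, while the deferred ordering paints once and then finds the spinner already stopped.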
README.md

Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.