Google Git
Sign in
chromium / chromium / src / 602f3688ffd299e890b252f608fb1a85ff555bcc^! / .
commit602f3688ffd299e890b252f608fb1a85ff555bcc[log] [tgz]
authorCharlie Reis <creis@chromium.org>Tue Mar 18 02:38:30 2025
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Mar 18 02:38:30 2025
tree86a569af2a52095675cb2aaa0b63c68682ee6e6f
parent56f8d2a7b3fb8cb4f88da9cc26bea422c69e8bac [diff]
Fix crash when multiple start time updates occur for a navigation.

Surprisingly, it is possible for a single NavigationRequest to have its
start time updated multiple times in response to separate beforeunload
completions. We don't have easy repro steps for this, so this is a
speculative fix that removes the failing CHECK in favor of handling the
case in a reasonable way (i.e., preserving the actual original
navigation start time in metrics).

The change should only affect metrics in rare cases, and avoid the
crash.

Bug: 402545469, 385170155
Change-Id: Id33c057c8fb4a3effe22e66c75c465a3372d1597
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6363439
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Auto-Submit: Charlie Reis <creis@chromium.org>
Commit-Queue: Rakina Zata Amni <rakina@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1433943}

diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
index e83af09..715b755 100644
--- a/content/browser/renderer_host/navigation_request.cc
+++ b/content/browser/renderer_host/navigation_request.cc

@@ -2461,11 +2461,16 @@
 void NavigationRequest::UpdateNavigationStartTime(const base::TimeTicks& time,
                                                   bool for_legacy,
                                                   bool showed_dialog) {
-  // Should be called at most once per NavigationRequest.
-  CHECK(original_navigation_start_.is_null());
-
   // Track the adjustment details for https://crbug.com/385170155.
-  original_navigation_start_ = common_params_->navigation_start;
+  // Note: It is possible to get here more than once for a single request, which
+  // might happen if a beforeunload ack for a different navigation is received
+  // at the wrong time (see https://crbug.com/402545469). In that case, preserve
+  // the existing `original_navigation_start_`.
+  // TODO(crbug.com/404286908): Track which NavigationRequest should be updated
+  // in response to a given beforeunload completion.
+  if (original_navigation_start_.is_null()) {
+    original_navigation_start_ = common_params_->navigation_start;
+  }
   navigation_start_adjustment_for_legacy_ = for_legacy;
   beforeunload_dialog_shown_ = showed_dialog;