-
Derek Cheng authored
Race condition introduced in: https://chromium-review.googlesource.com/c/chromium/src/+/724724 The crash is caused by a race condition, where the the renderer attempted to register another PresentationController to PresentationServiceImpl while there is still a (soon-to-be invalid) one already. When we moved the PresentationController implementation from PresentationDispatcher to blink::PresentationController, we are now creating/destoying the PresentationController across navigation (instead of having it long-lived in the PresentationDispatcher / RenderFrameImpl). The fix is to close all message pipes / Reset() in PresentationServiceImpl when a Mojo connection error is detected. This way, the PresentationServiceImpl will be in a clean state when the renderer connects to it again. This also fixes PresentationReceiver's behavior of obtaining a connection to PresentationService and immediately dropping it after calling SetReceiver(), which would let to Reset() getting called with this patch. To merge back to 66 (if possible) and 67. Bug: 832176 Change-Id: Ic7cd2601a107024143936fa9e1ae197505e4cf64 Reviewed-on: https://chromium-review.googlesource.com/1011289Reviewed-by:
mark a. foltz <mfoltz@chromium.org> Reviewed-by:
Derek Cheng <imcheng@chromium.org> Commit-Queue: Derek Cheng <imcheng@chromium.org> Cr-Commit-Position: refs/heads/master@{#551057}
1ad77242
