-
kylechar authored
HostFrameSinkManager::InvalidateFrameSinkId() can make a synchronous IPC to ensure whatever is drawing the platform window is destroyed before the platform window gets destroyed. However, while waiting for the synchronous IPC response other synchronous IPCs continue to get processed. |frame_sink_data_map_| can get mutated in response to a different synchronous IPC and |data| may no longer point to a valid memory location when DestroyCompositorFrameSink() returns. Change the order so that all modifications to |data| happen before the synchronous IPC. Also add a comment to clarify that FrameSinkIds shouldn't be reused after they are invalidated. We don't do this today and it would cause more re-entrancy problems. Also switch |frame_sink_data_map_| to use std::unordered_map instead of base::flat_map. This map can get large (tens of elements per open tab) so std::unordered_map is probably a better choice. Bug: 907211 Change-Id: Iea42d1eca290f5b61f215c66da9b9021f671c1e0 Reviewed-on: https://chromium-review.googlesource.com/c/1352525Reviewed-by:
Sadrul Chowdhury <sadrul@chromium.org> Commit-Queue: Sadrul Chowdhury <sadrul@chromium.org> Cr-Commit-Position: refs/heads/master@{#613160}
7e4b519f
