    Attempt to fix a CloseHandle crasher in the renderer process. The crash is triggered by Nacl. · ae9c454b
    ananta authored
    Based on the crash dump, the crash occurs while loading a Nacl module in the renderer process. The Nacl translate
    thread has a valid file handle which is created by the Nacl host in the browser. It then calls into the Nacl loader
    to load the module which fails. The Nacl loading code in LaunchSelLdr function is closing the file handle which is
    passed in. Based on comments in the PnaclTranslateThread class, ownership of the file handle is only transferred on success.
    
    Thus, when the call returns, the PnaclTranslateThread code tries to close the file handle, which is already closed. In the
    meantime, the Windows handle is reused for something else which is tracked by our handle tracker. The second CloseHandle
    attempt causes a CHECK to fire because we are closing a handle which is being tracked.
    
    The fix is to not close the file handle in the PnaclTranslateThread class, as ownership is transferred on the
    call to LaunchSelLdr.
    
    BUG=426582, 475872
    
    Review URL: https://codereview.chromium.org/1137833003
    
    Cr-Commit-Position: refs/heads/master@{#329251}