-
Nick Diego Yamane authored
Chrome crashes when the tab drag session is cancelled (ie: pressing esc) in attached mode. The crash happens because a use-after-free in ExtendedDragSource's destructor, when attempting to notify registered observers about its destruction. More specifically, the issue happens because DragDropOperation instance doesn't remove itself from the extended drag source's observers list when it's destroyed in response to a session cancellation. This patch fixes it and, additionally, cleans up how DragDropOperation access to the extended drag source instance is done, by associating it with its seat instead of the data source, simplifying code handling (ext-)source destruction, etc. R=oshima@chromium.org Bug: 1099418 Change-Id: I265379fb0aed0742674d3dcd97815b1cffdc709f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2514360 Commit-Queue: Nick Yamane <nickdiego@igalia.com> Reviewed-by:
Mitsuru Oshima <oshima@chromium.org> Cr-Commit-Position: refs/heads/master@{#824060}
ba556d76
