-
Min Qin authored
In DownloadFileImpl::RegisterAndActivateStream(), it registerers a callback when data become available in the stream handle. Then it starts reading the stream handle in a while loop. And the following scenario could happen afterwards: 1. The SimpleWatcher object in StreamHandleInputStream thinks data is available, and posted a callback to run DownloadFileImpl::StreamActive(). 2. Before the callback gets to run, the while loop consumes all the data in the data pipe. This hits the stream_handle_->stream.reset() statement in StreamHandleInputStream::Read(). 3. The callback is executed, and stream_handle_->stream->ReadData() is called. And this causes chrome to crash. This CL fixes the issue by registering the callback only when data from the stream handle is not ready. By doing this, the callback won't be scheduled when DownloadFileImpl is inside the StreamActive() loop. BUG=1009839 Change-Id: I9d90686ffea56fb61a9c29aa2a569618fcf6fbd3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1832735Reviewed-by:
Xing Liu <xingliu@chromium.org> Commit-Queue: Min Qin <qinmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#703076}
bfe06737
