    speculative fix for crash in PrerenderManager::GetPrerenderContents() · f0d440cf
    Scott Violet authored
    The stack indicates PrerenderManager::PeriodicCleanup() is being
    called. PeriodicCleanup() is deleting a PrerenderContents. Deleting the
    PrerenderContents is triggering a call to PrerenderManager::GetPrerenderContents().
    
    My suspicion is PeriodicCleanup() is calling clear() on a vector. The vector
    contains std::unique_ptr<PrerenderContents>. It would appear the implementation
    of vector::clear() destroys the entries, and *then* resets the size.
    This means during destruction PrerenderManager::GetPrerenderContents() is
    iterating over the vector that now contains deleted objects and we get a crash.
    
    BUG=850489
    TEST=none
    
    Change-Id: I8472c577bfd583105abaebe32cec2d39b6fbcca1
    Reviewed-on: https://chromium-review.googlesource.com/1091189
    Reviewed-by: David Roger <droger@chromium.org>
    Reviewed-by: Matthew Cary <mattcary@chromium.org>
    Commit-Queue: Scott Violet <sky@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#565632}
prerender_manager.cc 46.7 KB
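The destroy-then-shrink ordering the commit message describes, as an added example that is not Chromium's code: `Contents`, `Manager`, `Find` and the swap-based `ClearDetached` are hypothetical stand-ins, and detaching the vector before teardown is one common remedy, not a claim about what this commit actually changed.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

class Manager;
// Stands in for PrerenderContents; its destructor calls back into the owner.
struct Contents {
  Contents(Manager* owner, int id) : owner_(owner), id_(id) {}
  ~Contents();
  Manager* owner_;
  int id_;
};

class Manager {
 public:
  void Add(int id) { contents_.push_back(std::make_unique<Contents>(this, id)); }
  // Walks the vector, like GetPrerenderContents() in the report.
  Contents* Find(int id) const {
    for (const auto& c : contents_)
      if (c->id_ == id) return c.get();
    return nullptr;
  }
  // Hazardous pattern from the report: clear() destroys each element while the
  // vector still reports its old size, so a re-entrant Find() walks destroyed
  // unique_ptrs (undefined behaviour). Kept for contrast; not called here.
  void ClearDirect() { contents_.clear(); }
  // Safer pattern (an assumption, not necessarily the commit's fix): detach the
  // storage first, so contents_ is already empty when destructors re-enter Find().
  void ClearDetached() {
    std::vector<std::unique_ptr<Contents>> doomed;
    doomed.swap(contents_);
  }  // doomed's elements are destroyed here, after contents_ is already empty

  std::size_t size() const { return contents_.size(); }
  std::size_t size_seen_in_destructor = 0;  // recorded by ~Contents
 private:
  std::vector<std::unique_ptr<Contents>> contents_;
};

Contents::~Contents() {
  owner_->size_seen_in_destructor = owner_->size();  // what teardown observes
  owner_->Find(id_);  // re-entrant lookup; safe only because the vector is empty
}

std::size_t SizeSeenDuringDetachedClear() {
  Manager m;
  m.Add(1); m.Add(2); m.Add(3);
  m.ClearDetached();
  return m.size_seen_in_destructor;  // 0
}
```

With the detached form, every `~Contents` re-entering `Find()` sees an empty owner; with `ClearDirect()` the same callback would iterate storage whose elements have already been destroyed, which is the crash the commit message suspects.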