Ignore unexpected RFH::OnAssociatedInterfaceRequest.

This is intended to be merged into M87 Beta M87. This is actually the #3 crasher on 87.0.4280.38 I have no clue what the problem is here. This patch removes the consequences of the bug, not the cause. This is caused by receiving RFH::OnAssociatedInterfaceRequest() after the process has called ResetIPC and the RenderFrameHost has called InvalidateMojoConnection(). This patch just ignore the call when this happens, because it doesn't expect receiving any call from the renderer anymore. Bug: 1123438 Change-Id: I1ada1d3a27f53198afc84ec56f00e0a278fdbd90 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2517586Reviewed-by: Dave Tapuska <dtapuska@chromium.org> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#823984}

Ignore unexpected RFH::OnAssociatedInterfaceRequest.
This is intended to be merged into M87 Beta M87. This is actually the #3 crasher on 87.0.4280.38 I have no clue what the problem is here. This patch removes the consequences of the bug, not the cause. This is caused by receiving RFH::OnAssociatedInterfaceRequest() after the process has called ResetIPC and the RenderFrameHost has called InvalidateMojoConnection(). This patch just ignore the call when this happens, because it doesn't expect receiving any call from the renderer anymore. Bug: 1123438 Change-Id: I1ada1d3a27f53198afc84ec56f00e0a278fdbd90 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2517586Reviewed-by: Dave Tapuska <dtapuska@chromium.org> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#823984}
5449f59a · arthursonzogni · Commit Bot · 5e77c26b · 5449f59a
Commit 5449f59a authored Nov 04, 2020 by arthursonzogni Committed by Commit Bot Nov 04, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 6 deletions

content/browser/renderer_host/render_frame_host_impl.cc content/browser/renderer_host/render_frame_host_impl.cc +17 -6

No files found.
--- a/content/browser/renderer_host/render_frame_host_impl.cc
+++ b/content/browser/renderer_host/render_frame_host_impl.cc
@@ -1831,13 +1831,24 @@ bool RenderFrameHostImpl::OnMessageReceived(const IPC::Message& msg) {
 void RenderFrameHostImpl::OnAssociatedInterfaceRequest(
    const std::string& interface_name,
    mojo::ScopedInterfaceEndpointHandle handle) {
-  ContentBrowserClient* browser_client = GetContentClient()->browser();
+  // TODO(https://crbug.com/1123438) It is not understood why
-  if (!associated_registry_->TryBindInterface(interface_name, &handle) &&
+  // OnAssociatedInterfaceRequest can be received after resetting
-      !browser_client->BindAssociatedReceiverFromFrame(this, interface_name,
+  // `associated_registry_`. This is reset in InvalidateMojoConnection(), which
-                                                       &handle)) {
+  // means we want to stop receiving messages on behalf of the frame. Ignoring
-    delegate_->OnAssociatedInterfaceRequest(this, interface_name,
+  // this request sounded like the right way to handle this.
-                                            std::move(handle));
+  if (!associated_registry_)
+    return;
+  if (associated_registry_->TryBindInterface(interface_name, &handle))
+    return;
+  if (GetContentClient()->browser()->BindAssociatedReceiverFromFrame(
+          this, interface_name, &handle)) {
+    return;
  }
+  delegate_->OnAssociatedInterfaceRequest(this, interface_name,
+                                          std::move(handle));
 }
 void RenderFrameHostImpl::AccessibilityPerformAction(