Speculative fix for crbug.com/1101967

This most likely regeressed in https://chromium-review.googlesource.com/c/chromium/src/+/2258955 In that CL, I moved the implementation of NavigateLocalAdsFrame() from document.cc to oom_intervention_impl.cc. The only behavior change I can see is that instead of giving FrameLoadRequest an origin context in its constructor, I switched it to nullptr. The crash reports aren't providing terribly useful stack traces, but my guess is that this is crashing at https://chromium.googlesource.com/chromium/src/+/962a6c5c187940f445c958c627875113ca31297a/content/renderer/render_frame_impl.cc#5685 RequestorOrigin() is DCHECKed non-null at the start of the function, but I believe it would be null if FrameLoadRequest was given a nullptr origin context. Bug: 1101967 Change-Id: I573e8c13adc8d26fa10644f77c4b609ebfe0ccfd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2283257Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Nate Chapin <japhet@chromium.org> Cr-Commit-Position: refs/heads/master@{#785783}

Speculative fix for crbug.com/1101967
This most likely regeressed in https://chromium-review.googlesource.com/c/chromium/src/+/2258955 In that CL, I moved the implementation of NavigateLocalAdsFrame() from document.cc to oom_intervention_impl.cc. The only behavior change I can see is that instead of giving FrameLoadRequest an origin context in its constructor, I switched it to nullptr. The crash reports aren't providing terribly useful stack traces, but my guess is that this is crashing at https://chromium.googlesource.com/chromium/src/+/962a6c5c187940f445c958c627875113ca31297a/content/renderer/render_frame_impl.cc#5685 RequestorOrigin() is DCHECKed non-null at the start of the function, but I believe it would be null if FrameLoadRequest was given a nullptr origin context. Bug: 1101967 Change-Id: I573e8c13adc8d26fa10644f77c4b609ebfe0ccfd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2283257Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Nate Chapin <japhet@chromium.org> Cr-Commit-Position: refs/heads/master@{#785783}
a9439143 · Nate Chapin · Commit Bot · 44590aaa · a9439143
Commit a9439143 authored Jul 07, 2020 by Nate Chapin Committed by Commit Bot Jul 07, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

third_party/blink/renderer/controller/oom_intervention_impl.cc ..._party/blink/renderer/controller/oom_intervention_impl.cc +3 -1

No files found.
--- a/third_party/blink/renderer/controller/oom_intervention_impl.cc
+++ b/third_party/blink/renderer/controller/oom_intervention_impl.cc
@@ -15,6 +15,7 @@
 #include "third_party/blink/public/platform/platform.h"
 #include "third_party/blink/renderer/bindings/core/v8/v8_gc_for_context_dispose.h"
 #include "third_party/blink/renderer/controller/crash_memory_metrics_reporter_impl.h"
+#include "third_party/blink/renderer/core/frame/local_dom_window.h"
 #include "third_party/blink/renderer/core/frame/local_frame.h"
 #include "third_party/blink/renderer/core/loader/frame_load_request.h"
 #include "third_party/blink/renderer/core/page/page.h"
@@ -68,7 +69,8 @@ void NavigateLocalAdsFrames(LocalFrame* frame) {
       child = child->Tree().TraverseNext(frame)) {
    if (auto* child_local_frame = DynamicTo<LocalFrame>(child)) {
      if (child_local_frame->IsAdSubframe()) {
-        FrameLoadRequest request(nullptr, ResourceRequest(BlankURL()));
+        FrameLoadRequest request(frame->DomWindow(),
+                                 ResourceRequest(BlankURL()));
        child_local_frame->Navigate(request, WebFrameLoadType::kStandard);
      }
    }