Avoid pure virtual crash destroying RenderProcessUserData

When RenderProcessUserData is destroyed from the destructor of RenderProcessHostImpl, it is done in the destructor of RenderProcessHost. At this point RemoveObserver override is already freed, so RenderProcessHost is pure virtual. This crash happens at least building with GCC: at /usr/include/c++/8/ext/new_allocator.h:140 (this=0x7fffffffcb50, __in_chrg=<optimized out>) at /usr/include/c++/8/bits/stl_tree.h:964 We need to destroy RenderProcessUserData before that happens. To do that we can just override RenderProcessHostDestroyed. Bug: 910288 Change-Id: I38107b178829b0cb7494f5333b765e5b087d82cd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1645366 Commit-Queue: Sigurður Ásgeirsson <siggi@chromium.org> Reviewed-by: Sigurður Ásgeirsson <siggi@chromium.org> Cr-Commit-Position: refs/heads/master@{#666279}

Avoid pure virtual crash destroying RenderProcessUserData
When RenderProcessUserData is destroyed from the destructor of RenderProcessHostImpl, it is done in the destructor of RenderProcessHost. At this point RemoveObserver override is already freed, so RenderProcessHost is pure virtual. This crash happens at least building with GCC: at /usr/include/c++/8/ext/new_allocator.h:140 (this=0x7fffffffcb50, __in_chrg=<optimized out>) at /usr/include/c++/8/bits/stl_tree.h:964 We need to destroy RenderProcessUserData before that happens. To do that we can just override RenderProcessHostDestroyed. Bug: 910288 Change-Id: I38107b178829b0cb7494f5333b765e5b087d82cd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1645366 Commit-Queue: Sigurður Ásgeirsson <siggi@chromium.org> Reviewed-by: Sigurður Ásgeirsson <siggi@chromium.org> Cr-Commit-Position: refs/heads/master@{#666279}
cdf306db · Jose Dapena Paz · Commit Bot · 6a6e3c23 · cdf306db · cdf306db
Commit cdf306db authored Jun 05, 2019 by Jose Dapena Paz Committed by Commit Bot Jun 05, 2019
2 changed files
--- a/chrome/browser/performance_manager/render_process_user_data.cc
+++ b/chrome/browser/performance_manager/render_process_user_data.cc
@@ -116,4 +116,9 @@ void RenderProcessUserData::RenderProcessExited(
                     base::Unretained(process_node_.get()), info.exit_code));
 }

+void RenderProcessUserData::RenderProcessHostDestroyed(
+    content::RenderProcessHost* host) {
+  host->RemoveUserData(kRenderProcessUserDataKey);
+}
+
 }  // namespace performance_manager
--- a/chrome/browser/performance_manager/render_process_user_data.h
+++ b/chrome/browser/performance_manager/render_process_user_data.h
@@ -47,6 +47,7 @@ class RenderProcessUserData : public base::SupportsUserData::Data,
  void RenderProcessExited(
      content::RenderProcessHost* host,
      const content::ChildProcessTerminationInfo& info) override;
+  void RenderProcessHostDestroyed(content::RenderProcessHost* host) override;

  // All instances are linked together in a doubly linked list to allow orderly
  // destruction at browser shutdown time.