Skip to content

GitLab

T
tangled
Commit d1314fbf authored by Keishi Hattori's avatar Keishi Hattori Committed by Chromium LUCI CQ
Browse files
Options

Fix destruction order in HeadlessWebContentsImpl for BackupRefPtr 

When BackupRefPtr is used for HeadlessWebContentsImpl::browser_context_, the destruction order of the fields causes a null dereference.

HeadlessWebContentsImpl::RenderFrameDeleted() gets called in ~HeadlessWebContentsImpl(), so the HeadlessWebContentsImpl is half destroyed and browser_context_ is null when it is called.

Bug: 1080832
Change-Id: I8ca260f175cc3a31115c63ecf62b05f1c1f7bc94
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2563515Reviewed-by: default avatarKentaro Hara <haraken@chromium.org>
Reviewed-by: default avatarBartek Nowierski <bartekn@chromium.org>
Reviewed-by: default avatarPeter Kvitek <kvitekp@chromium.org>
Commit-Queue: Keishi Hattori <keishi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#834545}
parent 8c18f0c4
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 8 deletions
headless/lib/browser/headless_web_contents_impl.cc
View file @ d1314fbf
......@@ -285,12 +285,12 @@ HeadlessWebContentsImpl::HeadlessWebContentsImpl(
std::unique_ptr<content::WebContents> web_contents,
HeadlessBrowserContextImpl* browser_context)
: content::WebContentsObserver(web_contents.get()),
browser_context_(browser_context),
render_process_host_(web_contents->GetMainFrame()->GetProcess()),
web_contents_delegate_(new HeadlessWebContentsImpl::Delegate(this)),
web_contents_(std::move(web_contents)),
agent_host_(
content::DevToolsAgentHost::GetOrCreateFor(web_contents_.get())),
browser_context_(browser_context),
render_process_host_(web_contents_->GetMainFrame()->GetProcess()) {
content::DevToolsAgentHost::GetOrCreateFor(web_contents_.get())) {
#if BUILDFLAG(ENABLE_PRINTING)
HeadlessPrintManager::CreateForWebContents(web_contents_.get());
// TODO(weili): Add support for printing OOPIFs.
......
headless/lib/browser/headless_web_contents_impl.h
View file @ d1314fbf
......@@ -141,6 +141,11 @@ class HEADLESS_EXPORT HeadlessWebContentsImpl
viz::BeginFrameArgs::kStartingFrameNumber;
bool begin_frame_control_enabled_ = false;
HeadlessBrowserContextImpl* browser_context_; // Not owned.
// TODO(alexclarke): With OOPIF there may be more than one renderer, we need
// to fix this. See crbug.com/715924
content::RenderProcessHost* render_process_host_; // Not owned.
class Delegate;
std::unique_ptr<Delegate> web_contents_delegate_;
std::unique_ptr<HeadlessWindowTreeHost> window_tree_host_;
......@@ -151,11 +156,6 @@ class HEADLESS_EXPORT HeadlessWebContentsImpl
bool devtools_target_ready_notification_sent_ = false;
bool render_process_exited_ = false;
HeadlessBrowserContextImpl* browser_context_; // Not owned.
// TODO(alexclarke): With OOPIF there may be more than one renderer, we need
// to fix this. See crbug.com/715924
content::RenderProcessHost* render_process_host_; // Not owned.
base::ObserverList<HeadlessWebContents::Observer>::Unchecked observers_;
class PendingFrame;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment