Fix crasher in the pdf tear down code path.

The crash occurs because of a timer dereferencing a null engine pointer. The crash appears to have occurred due to this patch https://codereview.chromium.org/427583003/ Fix is to cancel all timers when the pdf instance is being torn down before destroying the engine. BUG=403036 Review URL: https://codereview.chromium.org/462283002 Cr-Commit-Position: refs/heads/master@{#289218} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289218 0039d316-1c4b-4281-b951-d872f2087c98

Fix crasher in the pdf tear down code path.
The crash occurs because of a timer dereferencing a null engine pointer. The crash appears to have occurred due to this patch https://codereview.chromium.org/427583003/ Fix is to cancel all timers when the pdf instance is being torn down before destroying the engine. BUG=403036 Review URL: https://codereview.chromium.org/462283002 Cr-Commit-Position: refs/heads/master@{#289218} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289218 0039d316-1c4b-4281-b951-d872f2087c98
d1e2c63c · ananta@chromium.org · ac3446d6 · d1e2c63c
Commit d1e2c63c authored Aug 13, 2014 by ananta@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

pdf/instance.cc pdf/instance.cc +4 -0

No files found.
--- a/pdf/instance.cc
+++ b/pdf/instance.cc
@@ -307,6 +307,10 @@ Instance::Instance(PP_Instance instance)
 }
 Instance::~Instance() {
+  if (timer_pending_) {
+    timer_factory_.CancelAll();
+    timer_pending_ = false;
+  }
  // The engine may try to access this instance during its destruction.
  // Make sure this happens early while the instance is still intact.
  engine_.reset();