Google Git
Sign in
chromium / chromium / src.git / 30cd72d13173112edf78b2204bbdda72fc37754b
commit30cd72d13173112edf78b2204bbdda72fc37754b[log] [tgz]
authordanakj <[email protected]>Fri Oct 11 17:52:50 2019
committerCommit Bot <[email protected]>Fri Oct 11 17:52:50 2019
tree2dbbd3d37720f67b3db844370a1d9f980a638e9d
parent15651c032b3ef38d460b86e884b3e43457646e24 [diff]
Remove null checks and early outs for closing in RenderWidget.

RenderWidget used to start closing and then post a task to self-delete.
But now it deletes synchronously inside Close(). So when closing_
becomes true, the RenderWidget will be deleted in the same stack. Thus
we do not need to guard against closing_ since blink will not be using
the RenderWidget afterward - it would be a UAF.

The LayerTreeViewDelegate methods used to check for a null WebWidget
which would be the case once closing_ became true, before RenderWidget
was destroyed. Now the RenderWidget disconnects itself from the
LayerTreeView and deletes immediately, so these methods are never
called with a null WebWidget unless they were used while the
RenderWidget is undead. But the compositor does not run while the
RenderWidget is undead, and the LayerTreeViewDelegate will not be used
unless the compositor posted the task and then runs it after the
RenderWidget becomes undead. The methods in this CL are all part of the
BeginMainFrame step which only runs when the compositor is visible and
the RenderWidget is not undead.

[email protected]

Bug: 419087
Change-Id: If0158f2ffeaf0c5d334a80aed3cdb9e686002fb6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1854878
Reviewed-by: Avi Drissman <[email protected]>
Commit-Queue: danakj <[email protected]>
Cr-Commit-Position: refs/heads/master@{#705178}
2 files changed
tree: 2dbbd3d37720f67b3db844370a1d9f980a638e9d
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. weblayer/
  52. .clang-format
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .vpython
  59. .vpython3
  60. AUTHORS
  61. BUILD.gn
  62. CODE_OF_CONDUCT.md
  63. codereview.settings
  64. DEPS
  65. ENG_REVIEW_OWNERS
  66. LICENSE
  67. LICENSE.chromium_os
  68. OWNERS
  69. PRESUBMIT.py
  70. PRESUBMIT_test.py
  71. PRESUBMIT_test_mocks.py
  72. README.md
  73. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .