Remove itself from the widget observers in destructor
This patch may fix the use-after-free reported in crbug.com/612050.
BUG=612050
TEST=msan passes
Review-Url: https://codereview.chromium.org/2031763003
Cr-Commit-Position: refs/heads/master@{#402408}
diff --git a/ui/message_center/views/message_center_bubble.cc b/ui/message_center/views/message_center_bubble.cc
index 5f7d30b..c65587b 100644
--- a/ui/message_center/views/message_center_bubble.cc
+++ b/ui/message_center/views/message_center_bubble.cc
@@ -68,6 +68,10 @@
first_item_has_no_margin_(first_item_has_no_margin) {}
MessageCenterBubble::~MessageCenterBubble() {
+ // Removs this from the widget observers just in case. MessageCenterBubble
+ // might be destoryed without calling its Widget's Close/CloseNow.
+ if (bubble_view() && bubble_view()->GetWidget())
+ bubble_view()->GetWidget()->RemoveObserver(this);
}
void MessageCenterBubble::SetSettingsVisible() {
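Review bot: The destructor's unregistration only runs when `bubble_view()` and `bubble_view()->GetWidget()` are both still reachable, so it does not cover the case where the view has already been cleared or detached while the widget still lists this object as an observer. Whether that state can occur is not visible from this hunk, but it is the state in which the use-after-free would survive the patch. Remembering the observed widget at the point where `AddObserver(this)` is called, for example in a `ScopedObserver<views::Widget, views::WidgetObserver>` member, would make the removal independent of the view's lifetime. The added comment also has two typos and should read `// Removes this from the widget observers just in case. MessageCenterBubble` / `// might be destroyed without calling its Widget's Close/CloseNow.`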
@@ -124,7 +128,8 @@
}
void MessageCenterBubble::OnWidgetClosing(views::Widget* widget) {
- bubble_view()->GetWidget()->RemoveObserver(this);
+ if (bubble_view() && bubble_view()->GetWidget())
+ bubble_view()->GetWidget()->RemoveObserver(this);
if (message_center_view_)
message_center_view_->SetIsClosing(true);
}
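Review bot: `OnWidgetClosing` ignores its `widget` argument and looks the widget up again through `bubble_view()->GetWidget()`, so when the new null check fails the observer is left registered on the widget that is closing. Assuming the observer was added to the same widget that is passed in, `widget->RemoveObserver(this);` removes it unconditionally and needs no guard. It would also help to add a `DCHECK` that `widget` matches the bubble's widget when both are available, so a mismatch is caught in debug builds rather than skipped silently.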