Associate RenderWidgetHostView for new widget with correct process
Creating a select element dropdown in an out-of-process iframe is
crashing the browser process because the RenderWidgetHostView for the
new widget becomes associated with the top-level frame's renderer
process, creating a routing ID conflict. This CL initializes
the new RenderWidgetHostView with the correct RenderProcessHost.
BUG=582511
Review URL: https://codereview.chromium.org/1685133003
Cr-Commit-Position: refs/heads/master@{#374740}
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index d4f6bec..e02c7703 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -1961,17 +1961,16 @@
int32_t route_id,
bool is_fullscreen,
blink::WebPopupType popup_type) {
- RenderProcessHost* process = GetRenderProcessHost();
+ RenderProcessHost* process = RenderProcessHost::FromID(render_process_id);
// A message to create a new widget can only come from an active process for
// this WebContentsImpl instance. If any other process sends the request,
// it is invalid and the process must be terminated.
if (!HasMatchingProcess(&frame_tree_, render_process_id)) {
- RenderProcessHost* rph = RenderProcessHost::FromID(render_process_id);
- base::ProcessHandle process_handle = rph->GetHandle();
+ base::ProcessHandle process_handle = process->GetHandle();
if (process_handle != base::kNullProcessHandle) {
RecordAction(
base::UserMetricsAction("Terminate_ProcessMismatch_CreateNewWidget"));
- rph->Shutdown(RESULT_CODE_KILLED, false);
+ process->Shutdown(RESULT_CODE_KILLED, false);
}
return;
}
