blob: 3d34e436a281043034b93ee0a58a8eeac868c44e (
plain) (
tree)
|
|
From cdf306db81efaaaa954487585d5a5a16205a5ebd Mon Sep 17 00:00:00 2001
From: Jose Dapena Paz <jose.dapena@lge.com>
Date: Wed, 05 Jun 2019 14:45:06 +0000
Subject: [PATCH] Avoid pure virtual crash destroying RenderProcessUserData
When RenderProcessUserData is destroyed from the destructor of
RenderProcessHostImpl, it is done in the destructor of RenderProcessHost.
At this point RemoveObserver override is already freed, so RenderProcessHost
is pure virtual. This crash happens at least building with GCC:
at /usr/include/c++/8/ext/new_allocator.h:140
(this=0x7fffffffcb50, __in_chrg=<optimized out>) at /usr/include/c++/8/bits/stl_tree.h:964
We need to destroy RenderProcessUserData before that happens. To do that
we can just override RenderProcessHostDestroyed.
Bug: 910288
Change-Id: I38107b178829b0cb7494f5333b765e5b087d82cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1645366
Commit-Queue: Sigurður Ásgeirsson <siggi@chromium.org>
Reviewed-by: Sigurður Ásgeirsson <siggi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#666279}
---
diff --git a/chrome/browser/performance_manager/render_process_user_data.cc b/chrome/browser/performance_manager/render_process_user_data.cc
index 2e2c199..ef6e1fb 100644
--- a/chrome/browser/performance_manager/render_process_user_data.cc
+++ b/chrome/browser/performance_manager/render_process_user_data.cc
@@ -116,4 +116,9 @@
base::Unretained(process_node_.get()), info.exit_code));
}
+void RenderProcessUserData::RenderProcessHostDestroyed(
+ content::RenderProcessHost* host) {
+ host->RemoveUserData(kRenderProcessUserDataKey);
+}
+
} // namespace performance_manager
diff --git a/chrome/browser/performance_manager/render_process_user_data.h b/chrome/browser/performance_manager/render_process_user_data.h
index ac74b1d..f3b4d16 100644
--- a/chrome/browser/performance_manager/render_process_user_data.h
+++ b/chrome/browser/performance_manager/render_process_user_data.h
@@ -47,6 +47,7 @@
void RenderProcessExited(
content::RenderProcessHost* host,
const content::ChildProcessTerminationInfo& info) override;
+ void RenderProcessHostDestroyed(content::RenderProcessHost* host) override;
// All instances are linked together in a doubly linked list to allow orderly
// destruction at browser shutdown time.
|