From 74361db3606129b59b2d7c41f75b72039c7381fa Mon Sep 17 00:00:00 2001 From: Sebastien Marchand Date: Wed, 7 Mar 2018 21:21:05 +0000 Subject: [PATCH] Fix 2 access violation in resource_coordinator. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bug: 818454 Change-Id: I77f6ea60f38ad8956d7f7e042c57202f3f41a07c Reviewed-on: https://chromium-review.googlesource.com/951749 Commit-Queue: Sébastien Marchand Reviewed-by: Chris Hamilton Cr-Original-Commit-Position: refs/heads/master@{#541230}(cherry picked from commit 182f8382d3dbec1d58cdff9d55d188f984625aa7) Reviewed-on: https://chromium-review.googlesource.com/953366 Reviewed-by: Sébastien Marchand Cr-Commit-Position: refs/branch-heads/3359@{#73} Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276} --- .../resource_coordinator/tab_lifecycle_unit_source.cc | 6 +++++- chrome/browser/resource_coordinator/tab_manager.cc | 8 +++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/chrome/browser/resource_coordinator/tab_lifecycle_unit_source.cc b/chrome/browser/resource_coordinator/tab_lifecycle_unit_source.cc index 9e0a05ac461e..e3093d3c4a82 100644 --- a/chrome/browser/resource_coordinator/tab_lifecycle_unit_source.cc +++ b/chrome/browser/resource_coordinator/tab_lifecycle_unit_source.cc @@ -161,7 +161,11 @@ void TabLifecycleUnitSource::TabChangedAt(content::WebContents* contents, if (change_type != TabChangeType::kAll) return; auto it = tabs_.find(contents); - DCHECK(it != tabs_.end()); + // The WebContents destructor might cause this function to be called, at this + // point TabClosingAt has already been called and so this WebContents has + // been removed from |tabs_|. + if (it == tabs_.end()) + return; TabLifecycleUnit* lifecycle_unit = it->second.get(); lifecycle_unit->SetRecentlyAudible(contents->WasRecentlyAudible()); } diff --git a/chrome/browser/resource_coordinator/tab_manager.cc b/chrome/browser/resource_coordinator/tab_manager.cc index 387fa9a948dd..143a574e7b10 100644 --- a/chrome/browser/resource_coordinator/tab_manager.cc +++ b/chrome/browser/resource_coordinator/tab_manager.cc @@ -482,7 +482,13 @@ void TabManager::PurgeBackgroundedTabsIfNeeded() { DCHECK(tab_lifecycle_unit_external); content::WebContents* content = tab_lifecycle_unit_external->GetWebContents(); - DCHECK(content); + // TODO(fdoray): Check if TabLifecycleUnitSource should override + // WebContentsObserver::WebContentsDestroyed() as in some situations a + // WebContents might get destroyed without a call to + // TabStripModelObserver::TabClosingAt, in this case we'll have a + // TabLifecycleUnitExternal that points to a null WebContents. + if (content == nullptr) + return; content::RenderProcessHost* render_process_host = content->GetMainFrame()->GetProcess();