[M108] Reset source SiteInstance before scheduling PDF navigations in subframes.

This CL fixes a SiteInstance/BrowserContext lifetime issue in PdfNavigationThrottle::WillStartRequest(), which cancels certain subframe PDF navigations and schedules replacement navigations with slightly tweaked params via a PostTask.

The PostTask takes in OpenURLParams, which contains the source SiteInstance in a scoped_refptr. Unfortunately, issue 1382761 shows that the BrowserContext can get destroyed after the task is scheduled but before it runs, and even though the task uses a WebContents WeakPtr to return early in that case, the task's OpenURLParams would only get destroyed and decrement the source SiteInstance's refcount at the time of that early return, which is already after the BrowserContext is destroyed. When the (source) SiteInstance destructor runs and tries to use the SiteInstance's BrowserContext, things blow up.

As a short-term fix, we can avoid keeping the source SiteInstance alive longer than its BrowserContext by not passing it through OpenURLParams, but rather setting it directly when the task runs. This is possible because in this case the source SiteInstance should always be the SiteInstance of the PDF extension loaded in the guest's main frame.

Longer-term, we should find a more systematic way to fix these problems, for example by not exposing refcounting of SiteInstances outside of //content or introducing an API for scheduling navigations that is robust against BrowserContext destruction. See the bug for more details and other ideas.

(cherry picked from commit 9f9db7e)

Bug: 1382761
Change-Id: I9a08847e05cfca85eb4f9f2a5bb95815e90c6042
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4043432
Reviewed-by: K. Moon <kmoon@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#1074889}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4073806
Cr-Commit-Position: refs/branch-heads/5359@{#1066}
Cr-Branched-From: 27d3765-refs/heads/main@{#1058933}
Alex Moshchuk authored and Chromium LUCI CQ committed Dec 2, 2022
1 parent 84e1b97, commit 282f304
Showing 4 changed files with 109 additions and 6 deletions.
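The lifetime hazard described in the commit message, reproduced as an added C++ example that is not Chromium code and not part of this commit. `Context`, `Site`, `Contents` and `Params` are hypothetical stand-ins for BrowserContext, SiteInstance, WebContents and OpenURLParams, with `std::shared_ptr` in place of `scoped_refptr` and a vector in place of the task runner; the destructor records a late run in a flag instead of touching freed memory.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

struct Context { bool alive = true; };  // stand-in for BrowserContext

struct Site {  // stand-in for the refcounted SiteInstance
  Context* ctx;
  bool* used_dead_ctx;
  // Like the real destructor, this consults the context; a late run is
  // recorded in a flag rather than touching freed memory.
  ~Site() { if (!ctx->alive) *used_dead_ctx = true; }
};

struct Contents { std::shared_ptr<Site> main_frame_site; };  // WebContents
struct Params { std::shared_ptr<Site> source_site; };        // OpenURLParams

// Returns true if the Site destructor ran after its Context was torn down.
bool SiteOutlivesContext(bool pass_site_in_params) {
  Context ctx;
  bool used_dead_ctx = false;
  std::vector<std::function<void()>> task_queue;  // stand-in for PostTask
  {
    auto contents = std::make_shared<Contents>();
    contents->main_frame_site.reset(new Site{&ctx, &used_dead_ctx});
    std::weak_ptr<Contents> weak = contents;
    Params params;
    // Pre-fix shape: the queued task co-owns the source Site via its params.
    if (pass_site_in_params) params.source_site = contents->main_frame_site;
    task_queue.push_back([weak, params]() mutable {
      auto live = weak.lock();
      if (!live) return;  // early return, but params is still held by the task
      // Post-fix shape: take the source Site from the live contents only now.
      params.source_site = live->main_frame_site;
    });
  }  // contents (and its own Site reference) goes away before the task runs
  ctx.alive = false;  // the context is torn down next
  for (auto& task : task_queue) task();
  task_queue.clear();  // destroying the task finally drops params
  return used_dead_ctx;
}

int main() {
  std::printf("site in params:   late destructor = %d\n", SiteOutlivesContext(true));
  std::printf("site set in task: late destructor = %d\n", SiteOutlivesContext(false));
}
```

The weak-pointer check prevents the navigation in both variants; only the variant that keeps the strong reference out of the queued params lets the `Site` die before its context.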