Skip to content

Commit feb6160

Browse files
committed
Fix dangling pointer to native_delegate_(fix issue chromiumembedded#4072)
Change native_delegate_ within ChildWindowDelegate to be base::WeakPtr<CefBrowserPlatformDelegateNative> to fix dangling pointer.
1 parent 476a612 commit feb6160

4 files changed

Lines changed: 18 additions & 10 deletions

File tree

libcef/browser/chrome/browser_platform_delegate_chrome.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -52,8 +52,8 @@ class CefBrowserPlatformDelegateChrome
5252

5353
void set_chrome_browser(Browser* browser);
5454

55-
CefBrowserPlatformDelegateNative* native_delegate() const {
56-
return native_delegate_.get();
55+
base::WeakPtr<CefBrowserPlatformDelegateNative> native_delegate() const {
56+
return native_delegate_->GetWeakPtr();
5757
}
5858

5959
protected:

libcef/browser/chrome/views/chrome_child_window.cc

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ class ChildWindowDelegate : public CefWindowDelegate {
6565
void OnWindowDestroyed(CefRefPtr<CefWindow> window) override {
6666
browser_view_ = nullptr;
6767
window_ = nullptr;
68-
#if BUILDFLAG(IS_WIN)
68+
#if defined(USE_AURA)
6969
native_delegate_ = nullptr;
7070
#endif
7171
}
@@ -96,8 +96,7 @@ class ChildWindowDelegate : public CefWindowDelegate {
9696
DCHECK(platform_delegate->IsViewsHosted());
9797
auto chrome_delegate =
9898
static_cast<CefBrowserPlatformDelegateChromeViews*>(platform_delegate);
99-
native_delegate_ = static_cast<CefBrowserPlatformDelegateNativeAura*>(
100-
chrome_delegate->native_delegate());
99+
native_delegate_ = chrome_delegate->native_delegate();
101100

102101
#if BUILDFLAG(IS_WIN)
103102
auto widget = static_cast<CefWindowImpl*>(window_.get())->widget();
@@ -106,9 +105,11 @@ class ChildWindowDelegate : public CefWindowDelegate {
106105
DCHECK(widget_hwnd);
107106

108107
// The Windows delegate needs state to perform some actions.
109-
auto* delegate_win =
110-
static_cast<CefBrowserPlatformDelegateNativeWin*>(native_delegate_);
111-
delegate_win->set_widget(widget, widget_hwnd);
108+
if (native_delegate_){
109+
auto* delegate_win =
110+
static_cast<CefBrowserPlatformDelegateNativeWin*>(native_delegate_);
111+
delegate_win->set_widget(widget, widget_hwnd);
112+
}
112113

113114
if (window_info_.ex_style & WS_EX_NOACTIVATE) {
114115
const DWORD widget_ex_styles = GetWindowLongPtr(widget_hwnd, GWL_EXSTYLE);
@@ -145,7 +146,7 @@ class ChildWindowDelegate : public CefWindowDelegate {
145146
CefRefPtr<CefWindow> window_;
146147

147148
#if defined(USE_AURA)
148-
base::raw_ptr<CefBrowserPlatformDelegateNativeAura> native_delegate_ =
149+
base::WeakPtr<CefBrowserPlatformDelegateNative> native_delegate_ =
149150
nullptr;
150151
#endif
151152

libcef/browser/native/browser_platform_delegate_native.cc

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -47,3 +47,7 @@ void CefBrowserPlatformDelegateNative::NotifyScreenInfoChanged() {
4747

4848
render_widget_host->NotifyScreenInfoChanged();
4949
}
50+
51+
base::WeakPtr<CefBrowserPlatformDelegateNative> CefBrowserPlatformDelegateNative::GetWeakPtr() {
52+
return weak_ptr_factory_.GetWeakPtr();
53+
}

libcef/browser/native/browser_platform_delegate_native.h

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ class CefBrowserPlatformDelegateNative
5151
int deltaY) const = 0;
5252

5353
const CefWindowInfo& window_info() const { return window_info_; }
54-
54+
base::WeakPtr<CefBrowserPlatformDelegateNative> GetWeakPtr();
5555
protected:
5656
// Delegates that can wrap a native delegate.
5757
friend class CefBrowserPlatformDelegateBackground;
@@ -73,6 +73,9 @@ class CefBrowserPlatformDelegateNative
7373

7474
// Not owned by this object.
7575
raw_ptr<WindowlessHandler> windowless_handler_ = nullptr;
76+
77+
base::WeakPtrFactory<CefBrowserPlatformDelegateNative> weak_ptr_factory_{
78+
this};
7679
};
7780

7881
#endif // CEF_LIBCEF_BROWSER_NATIVE_BROWSER_PLATFORM_DELEGATE_NATIVE_H_

0 commit comments

Comments
 (0)