Comment #1 on issue 21832 by [email protected]: Browser crash in net::SSLClientSocketMac::OnIOComplete http://code.google.com/p/chromium/issues/detail?id=21832
We had this kind of crash on Linux and Windows before. Here is the bug fix. It may be related.

------------------------------------------------------------------------
r19307 | [email protected] | 2009-06-25 16:40:24 -0700 (Thu, 25 Jun 2009) | 17 lines

Fix a crash in net::SSLClientSocketWin::OnIOComplete(int) when an HttpNetworkTransaction is destroyed while its SSLClientSocket is verifying a certificate.

Document that ClientSocket::Disconnect aborts any pending IO and prevents completion callback from running, like a cancel method.

Change the verifier_ member of SSLClientSocket to a scoped_ptr so that we can destroy the CertVerifier object in the Disconnect method. (CertVerifier doesn't have a cancel method, so we cancel pending certificate verification by destroying the CertVerifier object.)

R=willchan
BUG=http://crbug.com/13981
TEST=none. I can only reproduce this crash by modifying the source code to create that condition.

Review URL: http://codereview.chromium.org/147159
------------------------------------------------------------------------

I have a patch in issue 13981 comment 13 to inject the error that causes this crash. Please try that.

I suspect that we need to apply this change to SSLClientSocketMac::Disconnect():

@@ -477,6 +478,8 @@ void SSLClientSocketWin::Disconnect() { // TODO(wtc): Send SSL close_notify alert. completed_handshake_ = false; + // Shut down anything that may call us back through io_callback_. + verifier_.reset(); transport_->Disconnect(); if (send_buffer_.pvBuffer)
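
Review bot: the comment added above verifier_.reset() names what is shut down but not why destroying the object is the mechanism. The commit message says CertVerifier has no cancel method and that destruction is the cancel, so put that in the code comment, otherwise a later change that makes verifier_ non-owning or shared silently brings the callback back. For the suggested port to SSLClientSocketMac::Disconnect(), check that verifier_ is an owning scoped_ptr there too, and keep the reset ahead of transport_->Disconnect() as in this hunk. With TEST=none, the error-injection patch mentioned above is the only regression check, so it is worth turning into a test.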
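
The cancel-by-destroy pattern the commit message describes, as an added example that is not Chromium code. `TaskQueue`, `Verifier` and `Socket` are hypothetical stand-ins, `std::unique_ptr` stands in for `scoped_ptr`, and the liveness flag is an assumed way for destruction to suppress the callback.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical message loop: completions are deferred until Run().
struct TaskQueue {
  std::vector<std::function<void()>> tasks;
  void Run() { auto t = std::move(tasks); for (auto& f : t) f(); }
};

// Hypothetical verifier with no Cancel(): destroying it is the only cancel.
class Verifier {
 public:
  ~Verifier() { *alive_ = false; }  // pending completion becomes a no-op
  void Verify(TaskQueue* queue, std::function<void(int)> done) {
    auto alive = alive_;            // flag outlives the Verifier itself
    queue->tasks.push_back([alive, done] { if (*alive) done(0); });
  }
 private:
  std::shared_ptr<bool> alive_ = std::make_shared<bool>(true);
};

class Socket {
 public:
  explicit Socket(int* completions) : completions_(completions) {}
  ~Socket() { Disconnect(); }
  void Connect(TaskQueue* queue) {
    verifier_ = std::make_unique<Verifier>();
    // The callback captures `this`; it must never run after ~Socket().
    verifier_->Verify(queue, [this](int rv) { OnIOComplete(rv); });
  }
  // Shut down anything that may call us back: owning pointer, so reset cancels.
  void Disconnect() { verifier_.reset(); }
 private:
  void OnIOComplete(int) { ++*completions_; }
  std::unique_ptr<Verifier> verifier_;
  int* completions_;
};

// Returns how many times OnIOComplete ran for one connect attempt.
int CompletionsAfterDestroy(bool destroy_before_run) {
  TaskQueue queue;
  int completions = 0;
  auto socket = std::make_unique<Socket>(&completions);
  socket->Connect(&queue);
  if (destroy_before_run) socket.reset();  // owner goes away mid-verification
  queue.Run();
  return completions;
}

int main() {
  return CompletionsAfterDestroy(true) == 0 && CompletionsAfterDestroy(false) == 1 ? 0 : 1;
}
```

Without the `verifier_.reset()` in `Disconnect()` and an owning pointer behind it, the queued task would call `OnIOComplete` on a destroyed `Socket`.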
