Comment #6 on issue 24248 by [email protected]: Crash -  
RenderWidgetHostViewWin::OnFinalMessage(HWND__ *)
http://code.google.com/p/chromium/issues/detail?id=24248

So it looks like we are depending on ATL calling OnFinalMessage() in  
response to calling DestroyWindow().

I don't know the first thing about ATL so I couldn't say whether this is  
reasonable or not. However in the
crash reports, this was NOT the case -- OnFinalMessage() was delivered  
asynchronously.

Obviously this is problematic, since in RenderWidgetHost::Destroy() we do:

   if (view_)
     view_->Destroy();  <---- This calls DestroyWindow()
   delete this;  <---- |view_->render_widget_host_| is now pointing at deleted memory.

So when RenderWidgetHostViewWin::OnFinalMessage() gets delivered  
asynchronously, then it is illegal for it
to access |this->render_widget_host_|.

My proposed speculative fix is to NULL out |render_widget_host_| during
RenderWidgetHostViewWin::Destroy(), to make sure we don't try and access it  
later.
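
A minimal model of the teardown order described in this comment, as an added example that is not part of the original comment and not Chromium code. `Host`, `View`, `ViewGone` and the `g_pending` queue are hypothetical stand-ins; the queue models the final window message arriving after the host has already deleted itself.

```cpp
#include <functional>
#include <queue>

struct Host;  // hypothetical stand-in for the widget host

// Constructed queue modelling asynchronous window-message delivery.
static std::queue<std::function<void()>> g_pending;

struct View {  // hypothetical stand-in for the host's view
  Host* host = nullptr;        // back-pointer, not owned
  bool finalized = false;      // final message has been handled
  bool notified_host = false;  // final message dereferenced the host

  void Destroy() {
    host = nullptr;  // the proposed fix: clear the back-pointer first
    // Model a DestroyWindow() whose final message is delivered later.
    g_pending.push([this] { OnFinalMessage(); });
  }
  void OnFinalMessage();
};

struct Host {
  View* view;
  int final_messages_seen = 0;
  explicit Host(View* v) : view(v) { v->host = this; }
  void ViewGone() { ++final_messages_seen; }
  void Destroy() {
    if (view) view->Destroy();
    delete this;  // a View::host still pointing here would now dangle
  }
};

void View::OnFinalMessage() {
  finalized = true;
  // Without the reset in Destroy(), this would dereference freed memory.
  if (host) { host->ViewGone(); notified_host = true; }
}

// Runs the teardown, then drains the queue as a message loop would.
bool TeardownIsSafe() {
  View view;
  Host* host = new Host(&view);
  host->Destroy();
  while (!g_pending.empty()) { g_pending.front()(); g_pending.pop(); }
  return view.finalized && !view.notified_host && view.host == nullptr;
}

int main() { return TeardownIsSafe() ? 0 : 1; }
```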
