|
|
@@ -0,0 +1,82 @@
|
|
|
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
+From: Brendon Tiszka <[email protected]>
|
|
|
+Date: Tue, 20 Apr 2021 15:45:03 +0000
|
|
|
+Subject: M86-LTS: Ensure that BrowserContext is not used after it has been
|
|
|
+ freed
|
|
|
+MIME-Version: 1.0
|
|
|
+Content-Type: text/plain; charset=UTF-8
|
|
|
+Content-Transfer-Encoding: 8bit
|
|
|
+
|
|
|
+Previously, it was possible for the BrowserContext to be destroyed
|
|
|
+before ReportAnchorElementMetricsOnClick attempted to access it.
|
|
|
+
|
|
|
+The fix uses the fact that NavigationPredictor extends
|
|
|
+WebContentsObserver and checks that web_contents is still alive
|
|
|
+before dereferencing BrowserContext. WebContents will always
|
|
|
+outlive BrowserContext.
|
|
|
+
|
|
|
+R=[email protected], [email protected]
|
|
|
+
|
|
|
+(cherry picked from commit 7313a810ae0b1361cbe8453bc5496654dee24c76)
|
|
|
+
|
|
|
+Bug: 1197904
|
|
|
+Change-Id: Iee4f126e92670a84d57c7a4ec7d6f702fb975c7e
|
|
|
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821639
|
|
|
+Reviewed-by: Ryan Sturm <[email protected]>
|
|
|
+Reviewed-by: Łukasz Anforowicz <[email protected]>
|
|
|
+Commit-Queue: Łukasz Anforowicz <[email protected]>
|
|
|
+Cr-Original-Commit-Position: refs/heads/master@{#872021}
|
|
|
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2838328
|
|
|
+Owners-Override: Achuith Bhandarkar <[email protected]>
|
|
|
+Auto-Submit: Achuith Bhandarkar <[email protected]>
|
|
|
+Reviewed-by: Artem Sumaneev <[email protected]>
|
|
|
+Commit-Queue: Achuith Bhandarkar <[email protected]>
|
|
|
+Cr-Commit-Position: refs/branch-heads/4240@{#1613}
|
|
|
+Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
|
|
|
+
|
|
|
+diff --git a/AUTHORS b/AUTHORS
|
|
|
+index 3aa101a8d38a899fefcca149e4ac8e658188e590..cccc1f6d1407183806e78cb99e56abe7bd93de82 100644
|
|
|
+--- a/AUTHORS
|
|
|
++++ b/AUTHORS
|
|
|
+@@ -145,6 +145,7 @@ Bobby Powers <[email protected]>
|
|
|
+ Branden Archer <[email protected]>
|
|
|
+ Brendan Kirby <[email protected]>
|
|
|
+ Brendan Long <[email protected]>
|
|
|
++Brendon Tiszka <[email protected]>
|
|
|
+ Brian Clifton <[email protected]>
|
|
|
+ Brian G. Merrell <[email protected]>
|
|
|
+ Brian Konzman, SJ <[email protected]>
|
|
|
+diff --git a/chrome/browser/navigation_predictor/navigation_predictor.cc b/chrome/browser/navigation_predictor/navigation_predictor.cc
|
|
|
+index 495bb165a30f2b1bf690e6d0724ad8f347a76d44..b62a97501565555493f4db82ce4a1ababff19eb6 100644
|
|
|
+--- a/chrome/browser/navigation_predictor/navigation_predictor.cc
|
|
|
++++ b/chrome/browser/navigation_predictor/navigation_predictor.cc
|
|
|
+@@ -506,6 +506,9 @@ void NavigationPredictor::ReportAnchorElementMetricsOnClick(
|
|
|
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
|
|
|
+ DCHECK(base::FeatureList::IsEnabled(blink::features::kNavigationPredictor));
|
|
|
+
|
|
|
++ if (!web_contents())
|
|
|
++ return;
|
|
|
++
|
|
|
+ if (browser_context_->IsOffTheRecord())
|
|
|
+ return;
|
|
|
+
|
|
|
+@@ -652,6 +655,9 @@ void NavigationPredictor::ReportAnchorElementMetricsOnLoad(
|
|
|
+ // Each document should only report metrics once when page is loaded.
|
|
|
+ DCHECK(navigation_scores_map_.empty());
|
|
|
+
|
|
|
++ if (!web_contents())
|
|
|
++ return;
|
|
|
++
|
|
|
+ if (browser_context_->IsOffTheRecord())
|
|
|
+ return;
|
|
|
+
|
|
|
+@@ -897,6 +903,9 @@ void NavigationPredictor::MaybeTakeActionOnLoad(
|
|
|
+ }
|
|
|
+
|
|
|
+ void NavigationPredictor::MaybePrefetch() {
|
|
|
++ if (!web_contents())
|
|
|
++ return;
|
|
|
++
|
|
|
+ // If prefetches aren't allowed here, this URL has already
|
|
|
+ // been prefetched, or the current tab is hidden,
|
|
|
+ // we shouldn't prefetch again.
|
Pedro Pontes