From cdf306db81efaaaa954487585d5a5a16205a5ebd Mon Sep 17 00:00:00 2001 From: Jose Dapena Paz Date: Wed, 05 Jun 2019 14:45:06 +0000 Subject: [PATCH] Avoid pure virtual crash destroying RenderProcessUserData When RenderProcessUserData is destroyed from the destructor of RenderProcessHostImpl, it is done in the destructor of RenderProcessHost. At this point RemoveObserver override is already freed, so RenderProcessHost is pure virtual. This crash happens at least building with GCC: at /usr/include/c++/8/ext/new_allocator.h:140 (this=0x7fffffffcb50, __in_chrg=) at /usr/include/c++/8/bits/stl_tree.h:964 We need to destroy RenderProcessUserData before that happens. To do that we can just override RenderProcessHostDestroyed. Bug: 910288 Change-Id: I38107b178829b0cb7494f5333b765e5b087d82cd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1645366 Commit-Queue: Sigurður Ásgeirsson Reviewed-by: Sigurður Ásgeirsson Cr-Commit-Position: refs/heads/master@{#666279} --- diff --git a/chrome/browser/performance_manager/render_process_user_data.cc b/chrome/browser/performance_manager/render_process_user_data.cc index 2e2c199..ef6e1fb 100644 --- a/chrome/browser/performance_manager/render_process_user_data.cc +++ b/chrome/browser/performance_manager/render_process_user_data.cc @@ -116,4 +116,9 @@ base::Unretained(process_node_.get()), info.exit_code)); } +void RenderProcessUserData::RenderProcessHostDestroyed( + content::RenderProcessHost* host) { + host->RemoveUserData(kRenderProcessUserDataKey); +} + } // namespace performance_manager diff --git a/chrome/browser/performance_manager/render_process_user_data.h b/chrome/browser/performance_manager/render_process_user_data.h index ac74b1d..f3b4d16 100644 --- a/chrome/browser/performance_manager/render_process_user_data.h +++ b/chrome/browser/performance_manager/render_process_user_data.h @@ -47,6 +47,7 @@ void RenderProcessExited( content::RenderProcessHost* host, const content::ChildProcessTerminationInfo& info) override; + void RenderProcessHostDestroyed(content::RenderProcessHost* host) override; // All instances are linked together in a doubly linked list to allow orderly // destruction at browser shutdown time.