forked from electron/electron
/
portals_fix_crash_when_detaching_oopif_from_portal.patch
183 lines (163 loc) · 9.32 KB
/
portals_fix_crash_when_detaching_oopif_from_portal.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexandre=20Lach=C3=A8ze?= <alexandre.lacheze@gmail.com>
Date: Tue, 25 Jun 2019 17:36:08 +0200
Subject: Portals: Fix crash when detaching OOPIF from portal.
Prior to this change, any detachment of a proxy would cause the
inner WebContents to get detached from the outer WebContents. After
this change, we only detach the inner WebContents from the outer
WebContents when the main frame's proxy is detached.
Bug: 955392
Change-Id: I41fe61961a26636132ce2f17153b2c08b93af1e1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1577636
Commit-Queue: Lucas Gadani <lfg@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#654071}
diff --git a/content/browser/frame_host/cross_process_frame_connector.cc b/content/browser/frame_host/cross_process_frame_connector.cc
index ae486a29d07b773464dc3071dde2a33c8375f3a6..9967d0657c6ab7d72649a82b1f9c3839043b4cda 100644
--- a/content/browser/frame_host/cross_process_frame_connector.cc
+++ b/content/browser/frame_host/cross_process_frame_connector.cc
@@ -386,7 +386,7 @@ void CrossProcessFrameConnector::OnVisibilityChanged(bool visible) {
// Show/Hide on all the RenderWidgetHostViews (including this) one.
if (frame_proxy_in_parent_renderer_->frame_tree_node()
->render_manager()
- ->ForInnerDelegate()) {
+ ->IsMainFrameForInnerDelegate()) {
view_->host()->delegate()->OnRenderFrameProxyVisibilityChanged(visible);
return;
}
diff --git a/content/browser/frame_host/render_frame_host_manager.cc b/content/browser/frame_host/render_frame_host_manager.cc
index 760965f134e3326676428b9fc6906f9ff740aac2..6dbb73c964601f0dae7ef6460a0ae2a048634a35 100644
--- a/content/browser/frame_host/render_frame_host_manager.cc
+++ b/content/browser/frame_host/render_frame_host_manager.cc
@@ -132,14 +132,15 @@ RenderWidgetHostView* RenderFrameHostManager::GetRenderWidgetHostView() const {
return nullptr;
}
-bool RenderFrameHostManager::ForInnerDelegate() {
- return delegate_->GetOuterDelegateFrameTreeNodeId() !=
- FrameTreeNode::kFrameTreeNodeInvalidId;
+bool RenderFrameHostManager::IsMainFrameForInnerDelegate() {
+ return frame_tree_node_->IsMainFrame() &&
+ delegate_->GetOuterDelegateFrameTreeNodeId() !=
+ FrameTreeNode::kFrameTreeNodeInvalidId;
}
RenderWidgetHostImpl*
RenderFrameHostManager::GetOuterRenderWidgetHostForKeyboardInput() {
- if (!ForInnerDelegate() || !frame_tree_node_->IsMainFrame())
+ if (!IsMainFrameForInnerDelegate())
return nullptr;
FrameTreeNode* outer_contents_frame_tree_node =
@@ -168,6 +169,8 @@ RenderFrameProxyHost* RenderFrameHostManager::GetProxyToParent() {
}
RenderFrameProxyHost* RenderFrameHostManager::GetProxyToOuterDelegate() {
+ // Only the main frame should be able to reach the outer WebContents.
+ DCHECK(frame_tree_node_->IsMainFrame());
int outer_contents_frame_tree_node_id =
delegate_->GetOuterDelegateFrameTreeNodeId();
FrameTreeNode* outer_contents_frame_tree_node =
@@ -183,6 +186,9 @@ RenderFrameProxyHost* RenderFrameHostManager::GetProxyToOuterDelegate() {
}
void RenderFrameHostManager::RemoveOuterDelegateFrame() {
+ // Removing the outer delegate frame will destroy the inner WebContents. This
+ // should only be called on the main frame.
+ DCHECK(frame_tree_node_->IsMainFrame());
FrameTreeNode* outer_delegate_frame_tree_node =
FrameTreeNode::GloballyFindByID(
delegate_->GetOuterDelegateFrameTreeNodeId());
@@ -1880,7 +1886,7 @@ int RenderFrameHostManager::CreateRenderFrameProxy(SiteInstance* instance) {
void RenderFrameHostManager::CreateProxiesForChildFrame(FrameTreeNode* child) {
RenderFrameProxyHost* outer_delegate_proxy =
- ForInnerDelegate() ? GetProxyToOuterDelegate() : nullptr;
+ IsMainFrameForInnerDelegate() ? GetProxyToOuterDelegate() : nullptr;
for (const auto& pair : proxy_hosts_) {
// Do not create proxies for subframes in the outer delegate's process,
// since the outer delegate does not need to interact with them.
@@ -1944,7 +1950,7 @@ void RenderFrameHostManager::SwapOuterDelegateFrame(
void RenderFrameHostManager::SetRWHViewForInnerContents(
RenderWidgetHostView* child_rwhv) {
- DCHECK(ForInnerDelegate() && frame_tree_node_->IsMainFrame());
+ DCHECK(IsMainFrameForInnerDelegate());
GetProxyToOuterDelegate()->SetChildRWHView(child_rwhv, nullptr);
}
@@ -2636,7 +2642,7 @@ void RenderFrameHostManager::SendPageMessage(IPC::Message* msg,
// When sending a PageMessage for an inner WebContents, we don't want to also
// send it to the outer WebContent's frame as well.
RenderFrameProxyHost* outer_delegate_proxy =
- ForInnerDelegate() ? GetProxyToOuterDelegate() : nullptr;
+ IsMainFrameForInnerDelegate() ? GetProxyToOuterDelegate() : nullptr;
for (const auto& pair : proxy_hosts_) {
if (outer_delegate_proxy != pair.second.get()) {
send_msg(pair.second.get(), pair.second->GetRoutingID(), msg,
diff --git a/content/browser/frame_host/render_frame_host_manager.h b/content/browser/frame_host/render_frame_host_manager.h
index 644175178623ec26f6dfcf51db5833cdb03bd5ae..937ce66cedc2ab6b14b6ba9c247597a2d757613e 100644
--- a/content/browser/frame_host/render_frame_host_manager.h
+++ b/content/browser/frame_host/render_frame_host_manager.h
@@ -203,9 +203,9 @@ class CONTENT_EXPORT RenderFrameHostManager
// there is no current one.
RenderWidgetHostView* GetRenderWidgetHostView() const;
- // Returns whether this manager belongs to a FrameTreeNode that belongs to an
- // inner WebContents.
- bool ForInnerDelegate();
+ // Returns whether this manager is a main frame and belongs to a FrameTreeNode
+ // that belongs to an inner WebContents.
+ bool IsMainFrameForInnerDelegate();
// Returns the RenderWidgetHost of the outer WebContents (if any) that can be
// used to fetch the last keyboard event.
@@ -213,8 +213,9 @@ class CONTENT_EXPORT RenderFrameHostManager
// remote frames.
RenderWidgetHostImpl* GetOuterRenderWidgetHostForKeyboardInput();
- // Return the FrameTreeNode for the frame in the outer WebContents (if any)
- // that contains the inner WebContents.
+ // If this is a RenderFrameHostManager for a main frame, this method returns
+ // the FrameTreeNode for the frame in the outer WebContents (if any) that
+ // contains the inner WebContents.
FrameTreeNode* GetOuterDelegateNode();
// Return a proxy for this frame in the parent frame's SiteInstance. Returns
@@ -222,13 +223,13 @@ class CONTENT_EXPORT RenderFrameHostManager
// example, if this frame is same-site with its parent).
RenderFrameProxyHost* GetProxyToParent();
- // Returns the proxy to inner WebContents in the outer WebContents's
- // SiteInstance. Returns nullptr if this WebContents isn't part of inner/outer
- // relationship.
+ // If this is a RenderFrameHostManager for a main frame, returns the proxy to
+ // inner WebContents in the outer WebContents's SiteInstance. Returns nullptr
+ // if this WebContents isn't part of inner/outer relationship.
RenderFrameProxyHost* GetProxyToOuterDelegate();
- // Removes the FrameTreeNode in the outer WebContents that represents this
- // FrameTreeNode.
+ // If this is a RenderFrameHostManager for a main frame, removes the
+ // FrameTreeNode in the outer WebContents that represents this FrameTreeNode.
// TODO(lazyboy): This does not belong to RenderFrameHostManager, move it to
// somehwere else.
void RemoveOuterDelegateFrame();
diff --git a/content/browser/frame_host/render_frame_proxy_host.cc b/content/browser/frame_host/render_frame_proxy_host.cc
index a5e18f465f79416c05fd3ab630b40b079a7a7cbc..075810f5553731b56b08b5e6e35854bdebed2021 100644
--- a/content/browser/frame_host/render_frame_proxy_host.cc
+++ b/content/browser/frame_host/render_frame_proxy_host.cc
@@ -68,8 +68,7 @@ RenderFrameProxyHost::RenderFrameProxyHost(SiteInstance* site_instance,
RenderFrameProxyHostID(GetProcess()->GetID(), routing_id_),
this)).second);
CHECK(render_view_host ||
- (frame_tree_node_->render_manager()->ForInnerDelegate() &&
- frame_tree_node_->IsMainFrame()));
+ frame_tree_node_->render_manager()->IsMainFrameForInnerDelegate());
if (render_view_host)
frame_tree_node_->frame_tree()->AddRenderViewHostRef(render_view_host_);
@@ -79,8 +78,7 @@ RenderFrameProxyHost::RenderFrameProxyHost(SiteInstance* site_instance,
->current_frame_host()
->GetSiteInstance() == site_instance;
bool is_proxy_to_outer_delegate =
- frame_tree_node_->IsMainFrame() &&
- frame_tree_node_->render_manager()->ForInnerDelegate();
+ frame_tree_node_->render_manager()->IsMainFrameForInnerDelegate();
// If this is a proxy to parent frame or this proxy is for the inner
// WebContents's FrameTreeNode in outer WebContents's SiteInstance, then we
@@ -262,9 +260,7 @@ void RenderFrameProxyHost::SetDestructionCallback(
}
void RenderFrameProxyHost::OnDetach() {
- if (frame_tree_node_->render_manager()->ForInnerDelegate()) {
- // Only main frame proxy can detach for inner WebContents.
- DCHECK(frame_tree_node_->IsMainFrame());
+ if (frame_tree_node_->render_manager()->IsMainFrameForInnerDelegate()) {
frame_tree_node_->render_manager()->RemoveOuterDelegateFrame();
return;
}