Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[embedlite] Workaround for browser crash during window close JB#29415
The current shutdown procedure of EmbedLite assumes that NULLing nsWebBrowser pointer in EmbedLiteViewThreadChild::RecvDestroy will actually destroy it. This assumption is quite critical since the removing nsWebBrowser also triggers removal of EmbedLitePuppetWidgets we created. All the EmbedLitePupetWidgets hold a reference to the view object in mEmbed variable which they use before they are destroyed. This means the EmbedLiteViewThreadChild has to be removed last. The proble is that EmbedLiteViewThreadchild::mWebBrowser is reference counted. NULLing it will only remove it if the reference count for the object happens to be exactly 1. The object however, can be also referenced in event listeners registered for nsWindowRoot. In theory the event listener chain should be removed by calling mChrome->RemoveEventHandler(), but the whole process is asynchronous. It posts tasks to the thread main loop to actuall remove the listeners. The proper fix for the issue should delay actual PEmbedListViewChild::Send__delete__ call until we get some notification from all the EmbedLitePuppetWidget children that they have been destroyed. This would require a bigger redesign of the code, however. This patch is a simple workaround that removes the chrome event handler as soon as we get window close request from gecko. This gives main loop a chance to process listener removal tasks before EmbedLiteViewThreadChild::RecvDestroy is called.
- Loading branch information