author Alexandru Croitor <alexandru.croitor@qt.io> 2016-10-05 16:21:33 +0200
committer Alexandru Croitor <alexandru.croitor@qt.io> 2016-11-07 09:39:28 +0000
commit 2190ec5a1500a0b2fd39cdefb3b6db23b97eaa8a (patch)
tree 7132a622c260ad7f17ff7047423310528798fe43
parent c21a3696115a56df3717097e4db6556da43703aa (diff)
download qtwebengine-chromium-45-based.tar.gz
Fix accessibility crash on view destruction, when a popup is open [45-based]
Scenario: have a QWebEngineView with a popup open. Close the application window, while leaving the popup open. When the QWebEngineView is destroyed, focus is removed from its underlying QWindow, and on macOS this leads to an accessibility notification to the still-alive RenderWidgetHostViewQt which was created for the popup. This notification is piped to Chromium, which essentially notifies all WebContentsImpls to set the new accessibility mode. Finally this leads to dereferencing a null pointer of the main view's RenderFrameHostImpl object which was already destroyed.

Ideally, by this point, the popup RenderWidgetHostViewQt should not exist, but because it is not parented to the main window RWHVQ, but rather is destroyed sometime later after the main one, this fix is the next best thing.

Change-Id: Iefdc1d25a5f311fa362da9f4c4cf0feef23d284b
Task-number: QTBUG-56386
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- chromium/content/browser/web_contents/web_contents_impl.cc 2
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/content/browser/web_contents/web_contents_impl.cc b/chromium/content/browser/web_contents/web_contents_impl.cc
index 331e8794e2d..2ea2ab94b98 100644
--- a/chromium/content/browser/web_contents/web_contents_impl.cc
+++ b/chromium/content/browser/web_contents/web_contents_impl.cc
@@ -767,7 +767,7 @@ SkColor WebContentsImpl::GetThemeColor() const {
}
void WebContentsImpl::SetAccessibilityMode(AccessibilityMode mode) {
- if (mode == accessibility_mode_)
+ if (mode == accessibility_mode_ || is_being_destroyed_)
return;
accessibility_mode_ = mode;
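Review bot: the new `is_being_destroyed_` test in the early return of `SetAccessibilityMode` is folded into the unrelated "mode unchanged" check and carries no comment, so a later reader cannot tell that it is a lifetime guard against reaching a RenderFrameHostImpl that was already destroyed. Consider giving it its own `if (is_being_destroyed_) return;` with a one-line comment pointing at QTBUG-56386. The statements after `accessibility_mode_ = mode;` are outside the visible context, so it is worth confirming that no other notification path reaches the same state during teardown, since the commit message describes this as a workaround for the popup view outliving the main one rather than a fix for that lifetime.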