diff options
| -rw-r--r-- | chromium/ipc/ipc_mojo_bootstrap.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/chromium/ipc/ipc_mojo_bootstrap.cc b/chromium/ipc/ipc_mojo_bootstrap.cc index 7ab3e4fa8ea..616382cb8f9 100644 --- a/chromium/ipc/ipc_mojo_bootstrap.cc +++ b/chromium/ipc/ipc_mojo_bootstrap.cc @@ -596,9 +596,12 @@ class ChannelAssociatedGroupController void OnSyncMessageEventReady() { DCHECK(task_runner_->RunsTasksInCurrentSequence()); - scoped_refptr<Endpoint> keepalive(this); + // SUBTLE: The order of these scoped_refptrs matters. + // `controller_keepalive` MUST outlive `keepalive` because the Endpoint + // holds raw pointer to the AssociatedGroupController. scoped_refptr<AssociatedGroupController> controller_keepalive( controller_); + scoped_refptr<Endpoint> keepalive(this); base::AutoLock locker(controller_->lock_); bool more_to_process = false; if (!sync_messages_.empty()) { |