replace_first_of_two_waitableevents_in_creditcardaccessmanager.patch

cherry-pick-ac9dc1235e28.patch

cherry-pick-1227933.patch

cherry-pick-1231134.patch

cherry-pick-1233564.patch

cherry-pick-1234009.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

From: Lei Zhang <thestig@chromium.org>

Date: Tue, 10 Aug 2021 21:38:36 +0000

Subject: Do more class validity checks in PrintViewManagerBase.

PrintViewManagerBase runs a nested loop. In some situations,

PrintViewManagerBase and related classes like PrintViewManager and

PrintPreviewHandler can get deleted while the nested loop is running.

When this happens, the nested loop exists to a PrintViewManagerBase

that is no longer valid.

Use base::WeakPtrs liberally to check for this condition and exit

safely.

(cherry picked from commit a2cb1fb333d2faacb2fe1380f8d2621b5ee6af7e)

Bug: 1231134

Change-Id: I21ec131574331ce973d22594c11e70088147e149

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3057880

Reviewed-by: Alan Screen <awscreen@chromium.org>

Commit-Queue: Lei Zhang <thestig@chromium.org>

Cr-Original-Commit-Position: refs/heads/master@{#906269}

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3086110

Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>

Cr-Commit-Position: refs/branch-heads/4515@{#2024}

Cr-Branched-From: 488fc70865ddaa05324ac00a54a6eb783b4bc41c-refs/heads/master@{#885287}

index b7a2fa5a10b2461e83d78fca63e3165d5eb1350f..9f11d5053ff19e4ccfdbe54e7f59e311da3c6e0a 100644

@@ -91,7 +91,11 @@ bool PrintViewManager::PrintForSystemDialogNow(

DCHECK(!on_print_dialog_shown_callback_);

on_print_dialog_shown_callback_ = std::move(dialog_shown_callback);

is_switching_to_system_dialog_ = true;

DisconnectFromCurrentPrintJob();

// Don't print / print preview crashed tabs.

if (IsCrashed())

index 8770b7bc60cb28d70cde3af8303939bf7ac27892..16c13724c397fade0eb64f9b5ec26c7bf51570ac 100644

@@ -130,6 +130,11 @@ class PrintViewManager : public PrintViewManagerBase,

WEB_CONTENTS_USER_DATA_KEY_DECL();

DISALLOW_COPY_AND_ASSIGN(PrintViewManager);

};

index 75908fc9978db020d752e7fc7211d1a075c11ffb..b896f69f3ec272001c5c6c0071bc23a3c9134d70 100644

@@ -192,7 +192,10 @@ bool PrintViewManagerBase::PrintNow(content::RenderFrameHost* rfh,

bool silent,

base::Value settings,

CompletionCallback callback) {

DisconnectFromCurrentPrintJob();

// Don't print / print preview crashed tabs.

if (IsCrashed())

@@ -625,6 +628,8 @@ bool PrintViewManagerBase::RenderAllMissingPagesNow() {

// or in DidPrintDocument(). The check is done in

// ShouldQuitFromInnerMessageLoop().

// BLOCKS until all the pages are received. (Need to enable recursive task)

if (!RunInnerMessageLoop()) {

// This function is always called from DisconnectFromCurrentPrintJob() so we

// know that the job will be stopped/canceled in any case.

@@ -651,8 +656,11 @@ bool PrintViewManagerBase::CreateNewPrintJob(

DCHECK(query);

if (callback_.is_null()) {

// Disconnect the current |print_job_| only when calling window.print()

DisconnectFromCurrentPrintJob();

}

// We can't print if there is no renderer.

@@ -681,7 +689,10 @@ bool PrintViewManagerBase::CreateNewPrintJob(

void PrintViewManagerBase::DisconnectFromCurrentPrintJob() {

// Make sure all the necessary rendered page are done. Don't bother with the

// return value.

bool result = RenderAllMissingPagesNow();

// Verify that assertion.

if (print_job_ && print_job_->document() &&

@@ -763,7 +774,10 @@ bool PrintViewManagerBase::RunInnerMessageLoop() {

quit_inner_loop_ = run_loop.QuitClosure();

run_loop.Run();

// If the inner-loop quit closure is still set then we timed out.

bool success = !quit_inner_loop_;

index 095d9dfcc3ee14b646b63c29e406434c1623704a..ed4c0ec98bb84753828d0649799077edc9796317 100644

@@ -115,6 +115,8 @@ class PrintViewManagerBase : public content::NotificationObserver,

// Makes sure the current print_job_ has all its data before continuing, and

// disconnect from it.

void DisconnectFromCurrentPrintJob();

// Manages the low-level talk to the printer.

@@ -168,6 +170,7 @@ class PrintViewManagerBase : public content::NotificationObserver,

// Requests the RenderView to render all the missing pages for the print job.

// No-op if no print job is pending. Returns true if at least one page has

// been requested to the renderer.

bool RenderAllMissingPagesNow();

// Checks that synchronization is correct with |print_job_| based on |cookie|.

@@ -201,6 +204,7 @@ class PrintViewManagerBase : public content::NotificationObserver,

// while the blocking inner message loop is running. This is useful in cases

// where the RenderView is about to be destroyed while a printing job isn't

// finished.

bool RunInnerMessageLoop();

// In the case of Scripted Printing, where the renderer is controlling the

index 2cea700c82790f696775ece3080662232326aabc..ab89b180e6f9586d6280d884f126fb46b278be04 100644

@@ -864,9 +864,12 @@ void PrintPreviewHandler::HandleShowSystemDialog(

if (!initiator)

return;

auto* print_view_manager = PrintViewManager::FromWebContents(initiator);

print_view_manager->PrintForSystemDialogNow(base::BindOnce(

&PrintPreviewHandler::ClosePreviewDialog, weak_factory_.GetWeakPtr()));

// Cancel the pending preview request if exists.

print_preview_ui()->OnCancelPendingPreviewRequest();