See https://crash.corp.google.com/browse?q=reportid=%27551c63d1f6abb057%27 for details.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d0d9e62436823911602eb0f09c8161a0b23dc918 commit d0d9e62436823911602eb0f09c8161a0b23dc918 Author: Scott Violet <sky@chromium.org> Date: Fri Jan 05 00:56:57 2018 views: fix possible UAF in MenuButton MenuButton::OnGestureEvent calls Activate(). Activate() may result in deleting the MenuButton. Activate() deals with this, but not OnGestureEvent(). This fixs OnGestureEvent() to early out if the MenuButton is destroyed. BUG= 799296 TEST=covered by test Change-Id: Icdfc4be9caa3dab12d337d98343365257e5e587d Reviewed-on: https://chromium-review.googlesource.com/851070 Reviewed-by: Elliot Glaysher <erg@chromium.org> Commit-Queue: Scott Violet <sky@chromium.org> Cr-Commit-Position: refs/heads/master@{#527177} [modify] https://crrev.com/d0d9e62436823911602eb0f09c8161a0b23dc918/ui/views/controls/button/menu_button.cc [modify] https://crrev.com/d0d9e62436823911602eb0f09c8161a0b23dc918/ui/views/controls/button/menu_button.h [modify] https://crrev.com/d0d9e62436823911602eb0f09c8161a0b23dc918/ui/views/controls/button/menu_button_unittest.cc
Comment 1 by bugdroid1@chromium.org
, Jan 5 2018