From c61d698b35bd1865e2a2d18063dd138785ca8ec2 Mon Sep 17 00:00:00 2001
From: Marshall Greenblatt
Date: Wed, 4 Mar 2015 19:24:58 +0000
Subject: [PATCH] Fix heap-use-after-free in CefBrowserMessageFilter::OnFrameFocused (issue #1567).
git-svn-id: https://chromiumembedded.googlecode.com/svn/branches/2272@2050 5089003a-bbd8-11dd-ad1f-f1f9622dbc98
---
 libcef/browser/browser_message_filter.cc | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libcef/browser/browser_message_filter.cc b/libcef/browser/browser_message_filter.cc
index e66aded8a..bc7fe4b60 100644
--- a/libcef/browser/browser_message_filter.cc
+++ b/libcef/browser/browser_message_filter.cc
@@ -35,6 +35,8 @@ void CefBrowserMessageFilter::OnFilterAdded(IPC::Sender* sender) {
 }
 void CefBrowserMessageFilter::OnFilterRemoved() {
+ host_ = NULL;
+ sender_ = NULL;
 }
 bool CefBrowserMessageFilter::OnMessageReceived(const IPC::Message& message) {
@@ -124,6 +126,9 @@ void CefBrowserMessageFilter::OnFrameFocused(int32 render_frame_routing_id) {
     return;
   }
+ if (!host_)
+ return;
+
 CefRefPtr browser = CefBrowserHostImpl::GetBrowserForFrame(host_->GetID(), render_frame_routing_id);
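Review bot: Clearing `host_` and `sender_` in OnFilterRemoved only protects handlers that test the pointer before dereferencing it, and the hunk adds no comment saying why the raw pointers are being cleared, so the next reader cannot tell this is a lifetime guard. Whether a handler can even observe the null store depends on OnFilterRemoved and message dispatch running on the same thread; if they can run on different threads, the unsynchronized store narrows the window rather than closing it, and the commit should say which case holds. Suggest documenting the intent above the assignments: `// The RenderProcessHost (host_) and IPC channel (sender_) can be destroyed once the filter is removed; clear them so handlers dispatched afterwards can detect that instead of touching freed memory.` The other handlers reached from OnMessageReceived are outside this hunk; they either need the same null check or the check should be done once in OnMessageReceived so every handler is covered.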
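Review bot: The new `if (!host_) return;` in OnFrameFocused silently drops the message and carries no comment linking it to OnFilterRemoved, so it reads like a stray null check rather than a use-after-free guard; add `// host_ is cleared in OnFilterRemoved once the render process is going away; the message is stale, so drop it.` Within the visible hunk `host_` is used only for `host_->GetID()`, so a more robust fix is to capture the render process id when the filter is attached (a `render_process_id_` member set from the host's `GetID()` at construction, presumably) and never dereference `host_` from a message handler, which removes the dangling-pointer window instead of narrowing it. OnFrameFocused's body begins before this hunk, so the earlier early-return path above the new guard is not visible here.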