Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(477)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 6211005: Fixed crash in ResourceDispatcher::OnReceivedRedirect() (Closed)

Created:
9 years, 11 months ago by zel
Modified:
9 years, 6 months ago
Reviewers:
jam
CC:
chromium-reviews
Visibility:
Public.

Description

Fixed crash caused by ResourceDispatcher::OnReceivedRedirect() indirectly running a nested mesage loop in request_info->peer->OnReceivedRedirect() call. The loop might kill the instance of PendingRequestInfo what caused this crash. The fix simply checks for validity of PendingRequestInfo one more time within this OnReceivedRedirect() method. BUG=chromium:65345, chromium-os:10721 TEST=sign up with gmail, try to switch account to another one - there should be no crash. see http://crosbug.com/10721 for more detailed repro steps Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=71182

Patch Set 1 #

Patch Set 2 : '' #

Patch Set 3 : '' #

Patch Set 4 : '' #

Patch Set 5 : '' #

Unified diffs Side-by-side diffs Delta from patch set Stats (+5 lines, -0 lines) Patch
M chrome/common/resource_dispatcher.cc View 1 2 3 4 1 chunk +5 lines, -0 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
zel
9 years, 11 months ago (2011-01-12 02:42:41 UTC) #1
jam
lgtm, please add a small comment in the code as it's not obvious when reading ...
9 years, 11 months ago (2011-01-12 05:48:01 UTC) #2
jam
9 years, 11 months ago (2011-01-12 08:08:23 UTC) #3 
also, while you have this reproducing, would be great to know exactly what
triggered the nested message loop.  that can cause other bugs.

On Tue, Jan 11, 2011 at 9:47 PM, John Abd-El-Malek <jam@chromium.org> wrote:

> lgtm, please add a small comment in the code as it's not obvious when
> reading the code
> On Jan 11, 2011 6:42 PM, <zelidrag@chromium.org> wrote:
> > Reviewers: John Abd-El-Malek,
> >
> > Description:
> > Fixed crash caused by ResourceDispatcher::OnReceivedRedirect() indirectly
> > running a nested mesage loop in request_info->peer->OnReceivedRedirect()
> > call.
> > The loop might kill the instance of PendingRequestInfo what caused this
> > crash.
> > The fix simply checks for validity of PendingRequestInfo one more time
> > within
> > this OnReceivedRedirect() method.
> >
> > BUG=chromium:65345, chromium-os:10721
> > TEST=sign up with gmail, try to switch account to another one - there
> > should be
> > no crash. see http://crosbug.com/10721 for more detailed repro steps
> >
> >
> > Please review this at http://codereview.chromium.org/6211005/
> >
> > SVN Base: svn://svn.chromium.org/chrome/trunk/src/
> >
> > Affected files:
> > M chrome/common/resource_dispatcher.cc
> >
> >
> > Index: chrome/common/resource_dispatcher.cc
> > ===================================================================
> > --- chrome/common/resource_dispatcher.cc (revision 71052)
> > +++ chrome/common/resource_dispatcher.cc (working copy)
> > @@ -402,6 +402,9 @@
> > if (request_info->peer->OnReceivedRedirect(new_url, info,
> >
> > &has_new_first_party_for_cookies,
> > &new_first_party_for_cookies))
> > {
> > + request_info = GetPendingRequestInfo(request_id);
> > + if (!request_info)
> > + return;
> > request_info->pending_redirect_message.reset(
> > new ViewHostMsg_FollowRedirect(routing_id, request_id,
> > has_new_first_party_for_cookies,
> >
> >
>

Powered by Google App Engine
This is Rietveld 408576698