Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(26)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 7127001: Fix user-after-free error with ObserverList. The problem is that if an ObserverListBase::Iterato... (Closed)

Created:
9 years, 6 months ago by jam
Modified:
9 years, 6 months ago
Reviewers:
Evan Martin
CC:
chromium-reviews, joi+watch-content_chromium.org, Paweł Hajdan Jr., brettw-cc_chromium.org
Visibility:
Public.

Description

Fix user-after-free error with ObserverList. The problem is that if an ObserverListBase::Iterator is on the stack and one of the observers deletes the object holding the list, Iterator's destructor will use the deleted list. BUG=84919 Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=88151

Patch Set 1 #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+39 lines, -17 lines) Patch
M base/observer_list.h View 4 chunks +11 lines, -7 lines 0 comments Download
M base/observer_list_unittest.cc View 1 chunk +23 lines, -0 lines 0 comments Download
M content/browser/renderer_host/render_view_host.cc View 1 chunk +5 lines, -10 lines 1 comment Download

Messages

Total messages: 2 (0 generated)
jam
9 years, 6 months ago (2011-06-07 01:22:00 UTC) #1
Evan Martin
9 years, 6 months ago (2011-06-07 18:01:50 UTC) #2 
LGTM

http://codereview.chromium.org/7127001/diff/1/content/browser/renderer_host/r...
File content/browser/renderer_host/render_view_host.cc (right):

http://codereview.chromium.org/7127001/diff/1/content/browser/renderer_host/r...
content/browser/renderer_host/render_view_host.cc:611: while ((observer =
it.GetNext()) != NULL)
curlies on this while loop

Powered by Google App Engine
This is Rietveld 408576698