Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(712)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1006293002: Revert of Fix use-after-free in WebSocketHost::AddChannel() (Closed)

Created:
5 years, 9 months ago by hiroshige
Modified:
5 years, 9 months ago
Reviewers:
Adam Rice
CC:
darin-cc_chromium.org, jam
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Revert of Fix use-after-free in WebSocketHost::AddChannel() (patchset #3 id:40001 of https://codereview.chromium.org/998173003/) Reason for revert: Speculatively revert for https://crbug.com/467471 Original issue's description: > Fix heap-use-after-free in WebSocketHost::AddChannel() > > WebSocketHost can be deleted in channel_->SendAddChannelRequest() and this > caused heap-use-after-free when |pending_flow_control_quota_| is accessed in > WebSocketHost::AddChannel(). > This CL fixes it by posting OnFlowControl() with WeakPtr instead of calling > SendFlowControl() directly in WebSocketHost::AddChannel(). > > BUG=466335 > > Committed: https://crrev.com/d3a1d188162e45f75c87a218a70681c5d92139a8 > Cr-Commit-Position: refs/heads/master@{#320260} TBR=ricea@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=466335 Committed: https://crrev.com/4f078b9b59cbf2c1ea7098835c6488fa32d46474 Cr-Commit-Position: refs/heads/master@{#320703}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+2 lines, -14 lines) Patch
M content/browser/renderer_host/websocket_host.cc View 2 chunks +2 lines, -14 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
hiroshige
Created Revert of Fix use-after-free in WebSocketHost::AddChannel()
5 years, 9 months ago (2015-03-16 10:29:07 UTC) #1
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1006293002/1
5 years, 9 months ago (2015-03-16 10:29:16 UTC) #2
commit-bot: I haz the power
Committed patchset #1 (id:1)
5 years, 9 months ago (2015-03-16 10:29:42 UTC) #3
commit-bot: I haz the power
Patchset 1 (id:??) landed as https://crrev.com/4f078b9b59cbf2c1ea7098835c6488fa32d46474 Cr-Commit-Position: refs/heads/master@{#320703}
5 years, 9 months ago (2015-03-16 10:30:10 UTC) #4
hiroshige
5 years, 9 months ago (2015-03-16 12:56:46 UTC) #5
Message was sent while issue was closed. 
A revert of this CL (patchset #1 id:1) has been created in
https://codereview.chromium.org/1014543002/ by hiroshige@chromium.org.

The reason for reverting is: The breakage still persists
https://crbug.com/467471 after the original CL was reverted..

Powered by Google App Engine
This is Rietveld 408576698