Chromium Code Reviews

Issue 1116833002: Fixed member use after destruction in BarrierClosure. (Closed)

Created: 5 years, 7 months ago by dzhioev (left Google)
Modified: 5 years, 7 months ago
Reviewers: danakj
CC: chromium-reviews, erikwright+watch_chromium.org
Base URL: https://chromium.googlesource.com/chromium/src.git@master
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.

Description

Fixed member use after destruction in BarrierClosure.

If client releases BarrierClosure during |done_closure_| invocation, the closure is destructed together with BarrierInfo object that it owns. After that BarrierInfo tries to call |done_closure_.Reset()| which leads to SIGSEGV. Fixed that by saving |done_closure| to a stack variable.

BUG=none
TEST=base_unittests --gtest_filter=BarrierClosureTest.KeepingClosureAliveUntilDone

Committed: https://crrev.com/0a3f459d5d61443db9989db8201908bf68a684e9
Cr-Commit-Position: refs/heads/master@{#328669}
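The failure mode in the description, as an added C++ example that is not the Chromium patch or code from this review: `Barrier`, `ReleaseDuringDone` and the use of `std::function` are assumptions standing in for `BarrierInfo` and `base::Closure`. The callback is moved to a stack variable and the member cleared before the call, so the owner can be destroyed from inside the callback without any member being touched afterwards.

```cpp
#include <functional>
#include <memory>
#include <utility>

// Hypothetical stand-in for an object that owns a completion callback and
// runs it once Run() has been called num_left times.
class Barrier {
 public:
  Barrier(int num_left, std::function<void()> done, bool* destroyed)
      : num_left_(num_left), done_(std::move(done)), destroyed_(destroyed) {}
  ~Barrier() { *destroyed_ = true; }

  void Run() {
    if (--num_left_ != 0)
      return;
    // Unsafe ordering: done_(); done_ = nullptr;
    // If done_() destroys *this, the assignment writes to a dead member.
    // Safe ordering: take the callback onto the stack and clear the member
    // first, then touch no member after the call.
    std::function<void()> done = std::move(done_);
    done_ = nullptr;
    done();
  }

 private:
  int num_left_;
  std::function<void()> done_;
  bool* destroyed_;
};

// Constructed scenario: the client drops its only reference to the barrier
// from inside the completion callback. Returns true if the barrier was
// destroyed while the callback was running and the callback still finished.
bool ReleaseDuringDone() {
  bool destroyed = false;
  bool finished = false;
  std::unique_ptr<Barrier> barrier;
  barrier = std::make_unique<Barrier>(2, [&] {
    barrier.reset();       // destroys the Barrier that is running this code
    finished = destroyed;  // the callable lives in the stack copy, still valid
  }, &destroyed);
  barrier->Run();
  if (destroyed) return false;  // callback must not fire on the first call
  barrier->Run();
  return finished && barrier == nullptr;
}
```

Building this with AddressSanitizer and switching `Run()` to the unsafe ordering in the comment is a quick way to see the write to the destroyed object reported.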

Patch Set 1 #

Total comments: 6

Patch Set 2 : Reset |done_closure_| #

Patch Set 3 : Added test case. #

Total comments: 8

Patch Set 4 : Comments addressed. #

Stats (+52 lines, -7 lines)
M base/barrier_closure.cc: 1 chunk, +2 lines, -1 line, 0 comments
M base/barrier_closure_unittest.cc: 1 chunk, +50 lines, -6 lines, 0 comments

Messages

Total messages: 11 (2 generated)
dzhioev (left Google)
Hello, please review.
5 years, 7 months ago (2015-04-30 02:18:39 UTC) #2
danakj
https://codereview.chromium.org/1116833002/diff/1/base/barrier_closure.cc File base/barrier_closure.cc (right): https://codereview.chromium.org/1116833002/diff/1/base/barrier_closure.cc#newcode31 base/barrier_closure.cc:31: base::Closure done_closure = done_closure_; Why no Reset still? Was ...
5 years, 7 months ago (2015-04-30 17:32:56 UTC) #3
dzhioev (left Google)
https://codereview.chromium.org/1116833002/diff/1/base/barrier_closure.cc File base/barrier_closure.cc (right): https://codereview.chromium.org/1116833002/diff/1/base/barrier_closure.cc#newcode31 base/barrier_closure.cc:31: base::Closure done_closure = done_closure_; On 2015/04/30 17:32:55, danakj wrote: ...
5 years, 7 months ago (2015-04-30 20:00:54 UTC) #4
danakj
https://codereview.chromium.org/1116833002/diff/40001/base/barrier_closure_unittest.cc File base/barrier_closure_unittest.cc (right): https://codereview.chromium.org/1116833002/diff/40001/base/barrier_closure_unittest.cc#newcode56 base/barrier_closure_unittest.cc:56: CHECK(!done_destructed); Use EXPECT_TRUE/EXPECT_FALSE instead of CHECK in tests https://codereview.chromium.org/1116833002/diff/40001/base/barrier_closure_unittest.cc#newcode61 ...
5 years, 7 months ago (2015-05-05 18:58:14 UTC) #5
dzhioev (left Google)
https://codereview.chromium.org/1116833002/diff/40001/base/barrier_closure_unittest.cc File base/barrier_closure_unittest.cc (right): https://codereview.chromium.org/1116833002/diff/40001/base/barrier_closure_unittest.cc#newcode56 base/barrier_closure_unittest.cc:56: CHECK(!done_destructed); On 2015/05/05 18:58:14, danakj wrote: > Use EXPECT_TRUE/EXPECT_FALSE ...
5 years, 7 months ago (2015-05-06 23:13:05 UTC) #6
danakj
LGTM
5 years, 7 months ago (2015-05-06 23:15:10 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1116833002/60001
5 years, 7 months ago (2015-05-06 23:25:35 UTC) #9
commit-bot: I haz the power
Committed patchset #4 (id:60001)
5 years, 7 months ago (2015-05-07 01:05:47 UTC) #10
commit-bot: I haz the power
5 years, 7 months ago (2015-05-07 01:06:30 UTC) #11
Message was sent while issue was closed.
Patchset 4 (id:??) landed as
https://crrev.com/0a3f459d5d61443db9989db8201908bf68a684e9
Cr-Commit-Position: refs/heads/master@{#328669}
