Chromium Code Reviews

Issue 1217803002: Protect readystatechange event dispatch on XMLHttpRequest. (Closed)

Created:
5 years, 5 months ago by yhirano
Modified:
5 years, 5 months ago
Reviewers:
sof
CC:
blink-reviews, tyoshino+watch_chromium.org
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Protect readystatechange event dispatch on XMLHttpRequest.

XMLHttpRequestProgressEventThrottle::dispatchReadyStateChangeEvent may dispatch multiple events: a deferred progress event and the given ready state change. Multiple dispatching may lead to a use-after-free bug. This CL adds a protection for the event target. In addition to that, XMLHttpRequestProgressEventThrottle stops dispatching the latter event when dispatching the former event changes the readyState.

BUG=505362

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=197983
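The two protections the description names, shown as an added example in simplified standalone C++; this is not the CL's code or Blink's API. `Request`, `Result`, `run` and the use of `std::shared_ptr` in place of Blink's reference counting are assumptions made for illustration.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <vector>
// Simplified model of the pattern in the description; names are illustrative, not Blink code.
enum State { OPENED = 1, LOADING = 3, DONE = 4 };

struct Request : std::enable_shared_from_this<Request> {
    State readyState = LOADING;
    bool deferredProgress = true;                     // a throttled progress event is pending
    std::function<void(const std::string&)> handler;  // stands in for script event listeners
    std::vector<std::string>* delivered = nullptr;    // record of events, outlives the request
    void dispatch(const std::string& type) {
        delivered->push_back(type);
        if (handler) handler(type);  // may release the last owner reference or change readyState
    }
    void dispatchReadyStateChange() {
        // Protection 1: keep the event target alive until this function returns,
        // even if a handler releases every other reference to it.
        std::shared_ptr<Request> protect = shared_from_this();
        const State before = readyState;
        if (deferredProgress) {
            deferredProgress = false;
            dispatch("progress");
        }
        // Without `protect`, `this` could already be freed at this point.
        // Protection 2: the first event changed readyState, so skip the stale second event.
        if (readyState != before) return;
        dispatch("readystatechange");
    }
};

struct Result { std::vector<std::string> delivered; bool aliveInHandler; bool freedAfter; };

// Constructed scenario: the progress handler optionally drops the owner and/or changes state.
Result run(bool dropOwner, bool changeState) {
    Result r{{}, false, false};
    auto owner = std::make_shared<Request>();
    std::weak_ptr<Request> weak = owner;
    Request* raw = owner.get();
    owner->delivered = &r.delivered;
    owner->handler = [&](const std::string& type) {
        if (type != "progress") return;
        if (changeState) raw->readyState = OPENED;
        if (dropOwner) { owner.reset(); r.aliveInHandler = !weak.expired(); }
    };
    raw->dispatchReadyStateChange();
    r.freedAfter = weak.expired();
    return r;
}
int main() { return run(true, false).freedAfter ? 0 : 1; }
```
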

Patch Set 1 #

Total comments: 2

Patch Set 2 : #

Stats (+18 lines, -7 lines)
M Source/core/xmlhttprequest/XMLHttpRequest.cpp: 1 chunk, +3 lines, -0 lines, 0 comments
M Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.h: 4 chunks, +4 lines, -4 lines, 0 comments
M Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.cpp: 3 chunks, +11 lines, -3 lines, 0 comments

Messages

Total messages: 8 (3 generated)
yhirano
5 years, 5 months ago (2015-06-29 10:33:47 UTC) #2
sof
lgtm https://codereview.chromium.org/1217803002/diff/1/Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.cpp File Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.cpp (right): https://codereview.chromium.org/1217803002/diff/1/Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.cpp#newcode112 Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.cpp:112: // We don't dispatch the event when an ...
5 years, 5 months ago (2015-06-29 11:00:27 UTC) #3
yhirano
https://codereview.chromium.org/1217803002/diff/1/Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.cpp File Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.cpp (right): https://codereview.chromium.org/1217803002/diff/1/Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.cpp#newcode112 Source/core/xmlhttprequest/XMLHttpRequestProgressEventThrottle.cpp:112: // We don't dispatch the event when an event ...
5 years, 5 months ago (2015-06-29 11:43:47 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1217803002/20001
5 years, 5 months ago (2015-06-29 11:44:00 UTC) #7
commit-bot: I haz the power
5 years, 5 months ago (2015-06-29 12:38:54 UTC) #8
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=197983
