Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(523)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1276763002: Avoid UAF in PepperUDP/TCPSocketMessageFilter (Closed)

Created:
5 years, 4 months ago by raymes
Modified:
5 years, 4 months ago
Reviewers:
bbudge
CC:
chromium-reviews, darin-cc_chromium.org, jam, chrome-apps-syd-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Avoid UAF in PepperUDP/TCPSocketMessageFilter We were trying to access BrowserPpapiHost or ResourceHost after they may have been destroyed. Instead cache IsPotentiallySecurePluginContext in an instance variable to report in UMA. BUG=515943 Committed: https://crrev.com/2ee190edb17da8bedaae4d640887e243d26087d3 Cr-Commit-Position: refs/heads/master@{#342261}

Patch Set 1 #

Patch Set 2 : #

Unified diffs Side-by-side diffs Delta from patch set Stats (+16 lines, -7 lines) Patch
M content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.h View 1 chunk +2 lines, -0 lines 0 comments Download
M content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc View 1 3 chunks +7 lines, -3 lines 0 comments Download
M content/browser/renderer_host/pepper/pepper_udp_socket_message_filter.h View 1 chunk +2 lines, -0 lines 0 comments Download
M content/browser/renderer_host/pepper/pepper_udp_socket_message_filter.cc View 2 chunks +5 lines, -4 lines 0 comments Download

Messages

Total messages: 17 (8 generated)
raymes
5 years, 4 months ago (2015-08-06 01:17:13 UTC) #3
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1276763002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1276763002/1
5 years, 4 months ago (2015-08-06 01:17:23 UTC) #4
commit-bot: I haz the power
Dry run: Try jobs failed on following builders: linux_chromium_gn_dbg on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_gn_dbg/builds/100537) linux_chromium_gn_rel on ...
5 years, 4 months ago (2015-08-06 01:35:24 UTC) #6
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1276763002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1276763002/20001
5 years, 4 months ago (2015-08-06 01:46:50 UTC) #10
commit-bot: I haz the power
Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_rel_ng/builds/87171)
5 years, 4 months ago (2015-08-06 03:29:09 UTC) #12
bbudge
lgtm
5 years, 4 months ago (2015-08-06 18:24:26 UTC) #13
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1276763002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1276763002/20001
5 years, 4 months ago (2015-08-07 00:12:42 UTC) #15
commit-bot: I haz the power
Committed patchset #2 (id:20001)
5 years, 4 months ago (2015-08-07 01:46:43 UTC) #16
commit-bot: I haz the power
5 years, 4 months ago (2015-08-07 01:47:22 UTC) #17
Message was sent while issue was closed. 
Patchset 2 (id:??) landed as
https://crrev.com/2ee190edb17da8bedaae4d640887e243d26087d3
Cr-Commit-Position: refs/heads/master@{#342261}

Powered by Google App Engine
This is Rietveld 408576698