Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(133)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1312123005: cc: Fix use-after-free in test. (Closed)

Created:
5 years, 3 months ago by sunnyps
Modified:
5 years, 3 months ago
Reviewers:
danakj
CC:
chromium-reviews, cc-bugs_chromium.org, glider+watch_chromium.org, bruening+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

cc: Fix use-after-free in test. The following sequence of events causes a crash in this test: 1. LayerTreeTest::RealEndTest is called when the test ends. 2. LayerTreeTest::layer_tree_host_ is set to nullptr. 3. A task posted by the FakeExternalBeginFrameSource runs before ThreadProxy::LayerTreeHostClosedOnImplThread is called. 4. We try to dereference LayerTreeTest::layer_tree_host_ by calling LayerTreeTest::ImplThreadTaskRunner. The fix is to simply not use LayerTreeTest::ImplThreadTaskRunner after the test has ended. BUG=476094 R=danakj CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel Committed: https://crrev.com/5f4f6a4984527f5fca0be5972e7f884180c770d9 Cr-Commit-Position: refs/heads/master@{#346297}

Patch Set 1 #

Total comments: 2

Patch Set 2 : danakj's review #

Total comments: 2

Patch Set 3 : comment #

Unified diffs Side-by-side diffs Delta from patch set Stats (+4 lines, -1 line) Patch
M cc/trees/layer_tree_host_unittest.cc View 1 2 1 chunk +4 lines, -0 lines 0 comments Download
M tools/valgrind/gtest_exclude/cc_unittests.gtest-drmemory_win32.txt View 1 chunk +0 lines, -1 line 0 comments Download

Messages

Total messages: 11 (2 generated)
sunnyps
PTAL
5 years, 3 months ago (2015-08-28 23:55:14 UTC) #1
sunnyps
PTAL
5 years, 3 months ago (2015-08-28 23:55:14 UTC) #2
danakj
https://codereview.chromium.org/1312123005/diff/1/cc/trees/layer_tree_host_unittest.cc File cc/trees/layer_tree_host_unittest.cc (right): https://codereview.chromium.org/1312123005/diff/1/cc/trees/layer_tree_host_unittest.cc#newcode2027 cc/trees/layer_tree_host_unittest.cc:2027: base::ThreadTaskRunnerHandle::Get()->PostTask( Could you just early out if TestEnded() ?
5 years, 3 months ago (2015-08-28 23:59:23 UTC) #3
sunnyps
PTAL https://codereview.chromium.org/1312123005/diff/1/cc/trees/layer_tree_host_unittest.cc File cc/trees/layer_tree_host_unittest.cc (right): https://codereview.chromium.org/1312123005/diff/1/cc/trees/layer_tree_host_unittest.cc#newcode2027 cc/trees/layer_tree_host_unittest.cc:2027: base::ThreadTaskRunnerHandle::Get()->PostTask( On 2015/08/28 23:59:23, danakj wrote: > Could ...
5 years, 3 months ago (2015-08-29 00:08:26 UTC) #4
danakj
https://codereview.chromium.org/1312123005/diff/20001/cc/trees/layer_tree_host_unittest.cc File cc/trees/layer_tree_host_unittest.cc (right): https://codereview.chromium.org/1312123005/diff/20001/cc/trees/layer_tree_host_unittest.cc#newcode2027 cc/trees/layer_tree_host_unittest.cc:2027: if (TestEnded()) Cool! Can you just leave a comment ...
5 years, 3 months ago (2015-08-29 00:15:05 UTC) #5
sunnyps
Thanks! https://codereview.chromium.org/1312123005/diff/20001/cc/trees/layer_tree_host_unittest.cc File cc/trees/layer_tree_host_unittest.cc (right): https://codereview.chromium.org/1312123005/diff/20001/cc/trees/layer_tree_host_unittest.cc#newcode2027 cc/trees/layer_tree_host_unittest.cc:2027: if (TestEnded()) On 2015/08/29 00:15:05, danakj wrote: > ...
5 years, 3 months ago (2015-08-29 00:30:52 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1312123005/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1312123005/40001
5 years, 3 months ago (2015-08-29 00:31:33 UTC) #9
commit-bot: I haz the power
Committed patchset #3 (id:40001)
5 years, 3 months ago (2015-08-29 01:44:17 UTC) #10
commit-bot: I haz the power
5 years, 3 months ago (2015-08-29 01:45:07 UTC) #11
Message was sent while issue was closed. 
Patchset 3 (id:??) landed as
https://crrev.com/5f4f6a4984527f5fca0be5972e7f884180c770d9
Cr-Commit-Position: refs/heads/master@{#346297}

Powered by Google App Engine
This is Rietveld 408576698