Chromium Code Reviews

Issue 1471623003: components/metrics: Fix use-after-free in CallStackManager (Closed)

Created:
5 years, 1 month ago by Simon Que
Modified:
5 years ago
Reviewers:
Will Harris
CC:
chromium-reviews, asvitkine+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

components/metrics: Fix use-after-free in CallStackManager

Fix a subtle use-after-free bug. See comments in code.

BUG=382705
Signed-off-by: Simon Que <sque@chromium.org>

Patch Set 1 #

Patch Set 2 : Use assign() instead of insert() for vector #

Patch Set 3 : Remove call stacks from container one at a time and free them after #

Stats: +7 lines, -2 lines
M components/metrics/leak_detector/call_stack_manager.cc (2 chunks, +7 lines, -2 lines, 0 comments)

Messages

Total messages: 5 (3 generated)
Simon Que
Fixes this memory bug: https://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%286%29/builds/35526
5 years, 1 month ago (2015-11-22 23:42:43 UTC) #2
Simon Que
5 years ago (2015-12-01 01:21:27 UTC) #4
Message was sent while issue was closed.
https://codereview.chromium.org/1471623003/diff/60001/components/metrics/leak...
File components/metrics/leak_detector/call_stack_manager.cc (right):

https://codereview.chromium.org/1471623003/diff/60001/components/metrics/leak...
components/metrics/leak_detector/call_stack_manager.cc:31: auto iter = call_stacks_.find(&temp);
Does not work -- if we passed in a ScopedCallStack (aka scoped_ptr<CallStack>)
here, it would attempt to free the temporary CallStack.

https://codereview.chromium.org/1471623003/diff/60001/components/metrics/leak...
components/metrics/leak_detector/call_stack_manager.cc:45: call_stacks_.insert(ScopedCallStack(call_stack).Pass());
I'm not sure what would be the proper syntax for inserting a scoped_ptr into
this container.

I've tried:
  .insert(ScopedCallStack(call_stack));
  .insert(std::move(ScopedCallStack(call_stack)));
  .insert(ScopedCallStack(call_stack).Pass());

They all fail to compile.
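The two review comments above touch the same design question: a container of call-stack pointers that is searched through a stack temporary, and who frees the objects it holds. The following is an added example written for this page in standard C++; it is not Chromium's CallStackManager, CallStack or ScopedCallStack, and the names RawCallStackManager, OwningCallStackManager, FramesLess, OwnedLess, InternThree and the frame addresses are assumptions. The first manager keeps raw pointers and follows the teardown order of patch set 3 (take each call stack out of the container, then free it), because the comparator dereferences every pointer the set holds. The second stores std::unique_ptr and gives the set a transparent comparator, so `find(&temp)` compares the temporary directly and never wraps it in an owning pointer that would delete it.

```cpp
#include <cstdint>
#include <memory>
#include <set>
#include <utility>
#include <vector>

// Constructed stand-in for a call stack record (not Chromium's CallStack):
// identity is the sequence of frame addresses. A live-object counter lets the
// teardown of each manager be verified.
struct CallStack {
  explicit CallStack(std::vector<uintptr_t> f) : frames(std::move(f)) { ++live_; }
  CallStack(const CallStack&) = delete;
  ~CallStack() { --live_; }
  static int live() { return live_; }
  std::vector<uintptr_t> frames;
 private:
  static int live_;
};
int CallStack::live_ = 0;

// Orders call stacks by contents, so a lookup can use a temporary that lives on
// the caller's stack. Both pointers are dereferenced on every comparison.
inline bool FramesLess(const CallStack* a, const CallStack* b) {
  return a->frames < b->frames;
}
struct RawPtrLess {
  bool operator()(const CallStack* a, const CallStack* b) const { return FramesLess(a, b); }
};

// Variant 1: the set holds raw pointers and the manager owns them by hand.
class RawCallStackManager {
 public:
  RawCallStackManager() = default;
  RawCallStackManager(const RawCallStackManager&) = delete;  // would double-free

  ~RawCallStackManager() {
    // Detach every pointer from the container first, then free. The comparator
    // dereferences whatever the set holds, so an object must leave the set
    // before delete; deleting first and then calling find(), insert() or
    // erase(key) on the set would read freed memory.
    std::vector<CallStack*> detached;
    while (!call_stacks_.empty()) {
      detached.push_back(*call_stacks_.begin());
      call_stacks_.erase(call_stacks_.begin());
    }
    for (CallStack* cs : detached) delete cs;
  }

  // Returns the interned CallStack for |frames|, allocating it on first use.
  const CallStack* GetCallStack(const std::vector<uintptr_t>& frames) {
    CallStack temp(frames);  // search key only; its address is never stored
    auto iter = call_stacks_.find(&temp);
    if (iter != call_stacks_.end()) return *iter;
    CallStack* cs = new CallStack(frames);
    call_stacks_.insert(cs);
    return cs;
  }
  size_t size() const { return call_stacks_.size(); }

 private:
  std::set<CallStack*, RawPtrLess> call_stacks_;
};

// Variant 2: the set owns the objects through std::unique_ptr, so teardown
// needs no hand-written ordering. The comparator is transparent (C++14), so
// find() accepts a raw CallStack* key: the temporary is compared, never
// wrapped in an owning pointer that would delete it.
struct OwnedLess {
  using is_transparent = void;
  using Owned = std::unique_ptr<CallStack>;
  bool operator()(const Owned& a, const Owned& b) const { return FramesLess(a.get(), b.get()); }
  bool operator()(const Owned& a, const CallStack* b) const { return FramesLess(a.get(), b); }
  bool operator()(const CallStack* a, const Owned& b) const { return FramesLess(a, b.get()); }
};

class OwningCallStackManager {
 public:
  const CallStack* GetCallStack(const std::vector<uintptr_t>& frames) {
    CallStack temp(frames);
    auto iter = call_stacks_.find(&temp);  // heterogeneous lookup, no owner built
    if (iter != call_stacks_.end()) return iter->get();
    std::unique_ptr<CallStack> cs(new CallStack(frames));
    const CallStack* raw = cs.get();
    call_stacks_.insert(std::move(cs));  // rvalue insert moves ownership in
    return raw;
  }
  size_t size() const { return call_stacks_.size(); }

 private:
  std::set<std::unique_ptr<CallStack>, OwnedLess> call_stacks_;
};

// Interns three stacks (two identical) through |Manager| and returns how many
// distinct stacks it held; CallStack::live() afterwards shows whether the
// manager's destructor freed every object exactly once.
template <typename Manager>
size_t InternThree() {
  Manager m;
  const CallStack* a = m.GetCallStack({0x1000, 0x2000, 0x3000});
  const CallStack* b = m.GetCallStack({0x1000, 0x2000, 0x3000});
  const CallStack* c = m.GetCallStack({0x1000, 0x2000});
  if (a != b || a == c) return 0;  // interning must hand back the same object
  return m.size();
}
```

With either manager, `InternThree` reports 2 distinct stacks and `CallStack::live()` drops back to 0 once the manager is destroyed. The raw-pointer variant only reaches that state because of the detach-then-free order in its destructor; the unique_ptr variant gets it from the container, at the cost of needing the transparent comparator so that lookups by a stack temporary compile without constructing an owning pointer.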
