Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(501)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 148223009: Ensure calling Close and set_listener(NULL) on End(). (Closed)

Created:
6 years, 10 months ago by Jun Mukai
Modified:
6 years, 10 months ago
Reviewers:
keishi, Peter Kasting, sky
CC:
chromium-reviews, tfarina
Visibility:
Public.

Description

Ensure calling Close and set_listener(NULL) on End(). WebContentsImpl's dtor calls End() but it may not cause set_listener(NULL) in some case, which may cause a use-after-free. This CL always reset them at End(). This would mean DidEndColorChooser() may be called twice, so web_contents_ has to be reset to NULL once DidEndColorChooser() is called. BUG=338464 R=keishi@chromium.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=247917

Patch Set 1 #

Patch Set 2 : fix #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+1 line, -1 line) Patch
M chrome/browser/ui/views/color_chooser_aura.cc View 1 1 chunk +1 line, -1 line 2 comments Download

Messages

Total messages: 11 (0 generated)
Jun Mukai
6 years, 10 months ago (2014-01-28 20:42:10 UTC) #1
keishi
lgtm
6 years, 10 months ago (2014-01-28 20:58:21 UTC) #2
Jun Mukai
Peter, could you take a look at this?
6 years, 10 months ago (2014-01-28 21:00:05 UTC) #3
Jun Mukai
sky, could you review this? This fix would be urgent.
6 years, 10 months ago (2014-01-29 18:16:39 UTC) #4
sky
https://codereview.chromium.org/148223009/diff/20001/chrome/browser/ui/views/color_chooser_aura.cc File chrome/browser/ui/views/color_chooser_aura.cc (right): https://codereview.chromium.org/148223009/diff/20001/chrome/browser/ui/views/color_chooser_aura.cc#newcode37 chrome/browser/ui/views/color_chooser_aura.cc:37: void ColorChooserAura::End() { I'm not clear on the ownership ...
6 years, 10 months ago (2014-01-29 21:38:27 UTC) #5
Jun Mukai
https://codereview.chromium.org/148223009/diff/20001/chrome/browser/ui/views/color_chooser_aura.cc File chrome/browser/ui/views/color_chooser_aura.cc (right): https://codereview.chromium.org/148223009/diff/20001/chrome/browser/ui/views/color_chooser_aura.cc#newcode37 chrome/browser/ui/views/color_chooser_aura.cc:37: void ColorChooserAura::End() { On 2014/01/29 21:38:27, sky wrote: > ...
6 years, 10 months ago (2014-01-29 21:55:25 UTC) #6
sky
Ok, LGTM
6 years, 10 months ago (2014-01-29 22:01:59 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mukai@chromium.org/148223009/20001
6 years, 10 months ago (2014-01-29 22:05:25 UTC) #8
commit-bot: I haz the power
CQ bit was unchecked on CL. Ignoring.
6 years, 10 months ago (2014-01-30 03:04:29 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mukai@chromium.org/148223009/20001
6 years, 10 months ago (2014-01-30 03:12:25 UTC) #10
commit-bot: I haz the power
6 years, 10 months ago (2014-01-30 10:23:48 UTC) #11
Message was sent while issue was closed. 
Change committed as 247917

Powered by Google App Engine
This is Rietveld 408576698