Issue 149643002: BrowserPlugin: Allow stack to unwind before denying permission.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 149643002: BrowserPlugin: Allow stack to unwind before denying permission. (Closed)

Created:
6 years, 10 months ago by Fady Samuel

Modified:
6 years, 10 months ago

Reviewers:
Tom Sepez

CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org, jam

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Visibility:
Public.

More Reviews

Description

BrowserPlugin: Allow stack to unwind before denying permission. This prevents a use-after-free bug where it is possible WebContentsImpl attempts to access a newly created window after BrowserPluginGuest has freed it because the permission was instantly denied. This can happen if BrowserPluginGuest has no delegate: it's not a <webview> or <adview>. BUG=338345 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=247761

Patch Set 1 #

Patch Set 2 : Responses are ignored if guest is freed #

Patch Set 3 : Removed unnecessary explicit #

Created: 6 years, 10 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+74 lines, -52 lines)			Patch
	M	content/browser/browser_plugin/browser_plugin_guest.cc	View	1 2	14 chunks	+74 lines, -52 lines	0 comments	Download

Messages

Total messages: 6 (0 generated)

Expand Messages | Collapse Messages

Tom Sepez

Security LGTM. Weak pointer does seem appropriate here.

6 years, 10 months ago (2014-01-29 18:41:03 UTC) #2

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/fsamuel@chromium.org/149643002/40001

6 years, 10 months ago (2014-01-29 18:45:42 UTC) #3

commit-bot: I haz the power

Retried try job too often on mac_rel for step(s) remoting_unittests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=mac_rel&number=218075

6 years, 10 months ago (2014-01-29 19:12:14 UTC) #4

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/fsamuel@chromium.org/149643002/40001

6 years, 10 months ago (2014-01-29 19:18:32 UTC) #5

Message was sent while issue was closed.

Change committed as 247761

Expand Messages | Collapse Messages