Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(80)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/download/save_file_manager.cc

Issue 1519283002: Fix a use-after-free of SaveFileCreateInfo in SaveFileManager. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Changing parameter declaration to const-ref. Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/download/save_file_manager.h ('k') | content/browser/download/save_package.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/download/save_file_manager.cc
diff --git a/content/browser/download/save_file_manager.cc b/content/browser/download/save_file_manager.cc
index 01874d0f6895684c63b8f167c479d5d1dfc5957d..268842975b162148f44f427a2031e009bd7536a7 100644
--- a/content/browser/download/save_file_manager.cc
+++ b/content/browser/download/save_file_manager.cc
@@ -47,6 +47,7 @@ void SaveFileManager::OnShutdown() {
}
SaveFile* SaveFileManager::LookupSaveFile(int save_item_id) {
+ DCHECK_CURRENTLY_ON(BrowserThread::FILE);
SaveFileMap::iterator it = save_file_map_.find(save_item_id);
return it == save_file_map_.end() ? NULL : it->second;
}
@@ -165,7 +166,7 @@ void SaveFileManager::StartSave(SaveFileCreateInfo* info) {
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
- base::Bind(&SaveFileManager::OnStartSave, this, info));
+ base::Bind(&SaveFileManager::OnStartSave, this, *info));
}
// We do forward an update to the UI thread here, since we do not use timer to
@@ -219,23 +220,23 @@ void SaveFileManager::SaveFinished(int save_item_id,
// Notifications sent from the file thread and run on the UI thread.
-void SaveFileManager::OnStartSave(const SaveFileCreateInfo* info) {
+void SaveFileManager::OnStartSave(const SaveFileCreateInfo& info) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
SavePackage* save_package = GetSavePackageFromRenderIds(
- info->render_process_id, info->render_frame_routing_id);
+ info.render_process_id, info.render_frame_routing_id);
if (!save_package) {
// Cancel this request.
- SendCancelRequest(info->save_item_id);
+ SendCancelRequest(info.save_item_id);
return;
}
// Insert started saving job to tracking list.
- SavePackageMap::iterator sit = packages_.find(info->save_item_id);
+ SavePackageMap::iterator sit = packages_.find(info.save_item_id);
DCHECK(sit == packages_.end());
- packages_[info->save_item_id] = save_package;
+ packages_[info.save_item_id] = save_package;
// Forward this message to SavePackage.
- save_package->StartSave(info);
+ save_package->StartSave(&info);
}
void SaveFileManager::OnUpdateSaveProgress(int save_item_id,
« no previous file with comments | « content/browser/download/save_file_manager.h ('k') | content/browser/download/save_package.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698