Chromium Code Reviews Chromium Code Reviews
Issue 1732493002:
Prevent URLFetcher::AppendChunkedData from dereferencing NULL pointers. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/url_request/url_fetcher_core.h |
| diff --git a/net/url_request/url_fetcher_core.h b/net/url_request/url_fetcher_core.h |
| index 9b4bba2c53b7fc1d5ce6c01bd92dbefd50286172..1f3d7fdde4b6e1ca811a7edb5493037fba04aecf 100644 |
| --- a/net/url_request/url_fetcher_core.h |
| +++ b/net/url_request/url_fetcher_core.h |
| @@ -18,6 +18,7 @@ |
| #include "base/memory/ref_counted.h" |
| #include "base/memory/scoped_ptr.h" |
| #include "base/timer/timer.h" |
| +#include "net/base/chunked_upload_data_stream.h" |
| #include "net/base/host_port_pair.h" |
| #include "net/http/http_request_headers.h" |
| #include "net/url_request/url_fetcher.h" |
| @@ -273,6 +274,14 @@ class URLFetcherCore : public base::RefCountedThreadSafe<URLFetcherCore>, |
| URLRequest::ReferrerPolicy referrer_policy_; |
| bool is_chunked_upload_; // True if using chunked transfer encoding |
|
mef
2016/03/03 16:49:32
do we need this bool or could it be replaced by ch
mmenke
2016/03/03 17:04:45
ChunkedUploadDataStreams are non-thread-safe, and
mef
2016/03/08 17:19:22
So, if URLFetcher is re-used, would we need to cre
mmenke
2016/03/09 17:35:00
Oops...Missed this. Yes, we would.
|
| + // Used to write to |chunked_stream|, even after ownership has been passed to |
| + // the URLRequest. Continues to be valid even after the request deletes its |
| + // upload data. |
| + scoped_ptr<ChunkedUploadDataStream::Writer> chunked_stream_writer_; |
| + |
| + // Temporary storage of ChunkedUploadDataStream, before request is created. |
| + scoped_ptr<ChunkedUploadDataStream> chunked_stream_; |
| + |
| // Used to determine how long to wait before making a request or doing a |
| // retry. |
| // |
