Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(100)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_fetcher_core.cc

Issue 1732493002: Prevent URLFetcher::AppendChunkedData from dereferencing NULL pointers. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Merge Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/url_request/url_fetcher_core.h ('k') | net/url_request/url_fetcher_impl_unittest.cc » ('j') | net/url_request/url_request_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_fetcher_core.cc
diff --git a/net/url_request/url_fetcher_core.cc b/net/url_request/url_fetcher_core.cc
index ee1a3d8c83010938d4c6d10cedc3e69fd348384b..a91d28360687320a3004a08fae28da8359fc0be3 100644
--- a/net/url_request/url_fetcher_core.cc
+++ b/net/url_request/url_fetcher_core.cc
@@ -205,6 +205,7 @@ void URLFetcherCore::AppendChunkToUpload(const std::string& content,
bool is_last_chunk) {
DCHECK(delegate_task_runner_.get());
DCHECK(network_task_runner_.get());
+ DCHECK(is_chunked_upload_);
network_task_runner_->PostTask(
FROM_HERE,
base::Bind(&URLFetcherCore::CompleteAddingUploadDataChunk, this, content,
@@ -516,6 +517,14 @@ URLFetcherCore::~URLFetcherCore() {
void URLFetcherCore::StartOnIOThread() {
DCHECK(network_task_runner_->BelongsToCurrentThread());
+ // Create ChunkedUploadDataStream, if needed, so the consumer can start
+ // appending data. Have to do it here because StartURLRequest() may be called
+ // asynchonously.
+ if (is_chunked_upload_) {
+ chunked_stream_.reset(new ChunkedUploadDataStream(0));
+ chunked_stream_writer_ = chunked_stream_->CreateWriter();
+ }
+
if (!response_writer_)
response_writer_.reset(new URLFetcherStringWriter);
@@ -550,8 +559,11 @@ void URLFetcherCore::StartURLRequest() {
request_->set_stack_trace(stack_trace_);
int flags = request_->load_flags() | load_flags_;
- if (is_chunked_upload_)
- request_->EnableChunkedUpload();
+ // TODO(mmenke): This should really be with the other code to set the upload
+ // body, below.
+ if (chunked_stream_)
+ request_->set_upload(make_scoped_ptr(chunked_stream_.release()));
mef 2016/03/08 17:19:22 can this use std::move?
mmenke 2016/03/09 17:27:15 Done. For some reason, I was thinking std::move h
+
request_->SetLoadFlags(flags);
request_->SetReferrer(referrer_);
request_->set_referrer_policy(referrer_policy_);
@@ -835,17 +847,10 @@ base::TimeTicks URLFetcherCore::GetBackoffReleaseTime() {
void URLFetcherCore::CompleteAddingUploadDataChunk(
const std::string& content, bool is_last_chunk) {
- if (was_cancelled_) {
- // Since CompleteAddingUploadDataChunk() is posted as a *delayed* task, it
- // may run after the URLFetcher was already stopped.
- return;
- }
DCHECK(is_chunked_upload_);
- DCHECK(request_.get());
DCHECK(!content.empty());
- request_->AppendChunkToUpload(content.data(),
- static_cast<int>(content.length()),
- is_last_chunk);
+ chunked_stream_writer_->AppendData(
+ content.data(), static_cast<int>(content.length()), is_last_chunk);
}
int URLFetcherCore::WriteBuffer(scoped_refptr<DrainableIOBuffer> data) {
« no previous file with comments | « net/url_request/url_fetcher_core.h ('k') | net/url_request/url_fetcher_impl_unittest.cc » ('j') | net/url_request/url_request_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698