[Password Manager] |index| in requests to PasswordManagerPresenter might be out of bounds

chrome/browser/ui/passwords/password_manager_presenter.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/passwords/password_manager_presenter.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/command_line.h"
@@ skipping 164 matching lines @@
   password_duplicates_.clear();
   password_exception_list_.clear();
   password_exception_duplicates_.clear();
 
   populater_.Populate();
   exception_populater_.Populate();
 }
 
 void PasswordManagerPresenter::RemoveSavedPassword(size_t index) {
   if (index >= password_list_.size()) {
-    // |index| out of bounds might come from a compromised renderer, don't let
-    // it crash the browser. http://crbug.com/362054
-    NOTREACHED();
+    // |index| out of bounds might come from a compromised renderer
+    // (http://crbug.com/362054), or the user removed a password while a request
+    // to the store is in progress (i.e. |password_list_| is empty).
+    // Don't let it crash the browser.
     return;
   }
   PasswordStore* store = GetPasswordStore();
   if (!store)
     return;
 
   RemoveDuplicates(*password_list_[index], languages_, &password_duplicates_,
                    store, true);
   store->RemoveLogin(*password_list_[index]);
   content::RecordAction(
       base::UserMetricsAction("PasswordManager_RemoveSavedPassword"));
 }
 
 void PasswordManagerPresenter::RemovePasswordException(size_t index) {
   if (index >= password_exception_list_.size()) {
-    // |index| out of bounds might come from a compromised renderer, don't let
-    // it crash the browser. http://crbug.com/362054
-    NOTREACHED();
+    // |index| out of bounds might come from a compromised renderer
+    // (http://crbug.com/362054), or the user removed a password exception while
+    // a request to the store is in progress (i.e. |password_exception_list_|
+    // is empty). Don't let it crash the browser.
     return;
   }
   PasswordStore* store = GetPasswordStore();
   if (!store)
     return;
   RemoveDuplicates(*password_exception_list_[index], languages_,
                    &password_exception_duplicates_, store, false);
   store->RemoveLogin(*password_exception_list_[index]);
   content::RecordAction(
       base::UserMetricsAction("PasswordManager_RemovePasswordException"));
 }
 
 void PasswordManagerPresenter::RequestShowPassword(size_t index) {
 #if !defined(OS_ANDROID)  // This is never called on Android.
   if (index >= password_list_.size()) {
-    // |index| out of bounds might come from a compromised renderer, don't let
-    // it crash the browser. http://crbug.com/362054
-    NOTREACHED();
+    // |index| out of bounds might come from a compromised renderer
+    // (http://crbug.com/362054), or the user requested to show a password while
+    // a request to the store is in progress (i.e. |password_list_|
+    // is empty). Don't let it crash the browser.
     return;
   }
   if ((base::TimeTicks::Now() - last_authentication_time_) >
       base::TimeDelta::FromSeconds(60)) {
     bool authenticated = true;
 #if defined(OS_WIN)
     authenticated = password_manager_util_win::AuthenticateUser(
         password_view_->GetNativeWindow());
 #elif defined(OS_MACOSX)
     authenticated = password_manager_util_mac::AuthenticateUser();
@@ skipping 24 matching lines @@
       index,
       origin_url,
       base::UTF16ToUTF8(password_list_[index]->username_value),
       password_list_[index]->password_value);
 #endif
 }
 
 const autofill::PasswordForm* PasswordManagerPresenter::GetPassword(
     size_t index) {
   if (index >= password_list_.size()) {
-    // |index| out of bounds might come from a compromised renderer, don't let
-    // it crash the browser. http://crbug.com/362054
-    NOTREACHED();
+    // |index| out of bounds might come from a compromised renderer
+    // (http://crbug.com/362054), or the user requested to get a password while
+    // a request to the store is in progress (i.e. |password_list_|
+    // is empty). Don't let it crash the browser.
     return NULL;
   }
   return password_list_[index].get();
 }
 
 const autofill::PasswordForm* PasswordManagerPresenter::GetPasswordException(
     size_t index) {
   if (index >= password_exception_list_.size()) {
-    // |index| out of bounds might come from a compromised renderer, don't let
-    // it crash the browser. http://crbug.com/362054
-    NOTREACHED();
+    // |index| out of bounds might come from a compromised renderer
+    // (http://crbug.com/362054), or the user requested to get a password
+    // exception while a request to the store is in progress (i.e.
+    // |password_exception_list_| is empty). Don't let it crash the browser.
     return NULL;
   }
   return password_exception_list_[index].get();
 }
 
 void PasswordManagerPresenter::SetPasswordList() {
   password_view_->SetPasswordList(password_list_);
 }
 
 void PasswordManagerPresenter::SetPasswordExceptionList() {
@@ skipping 81 matching lines @@
 void PasswordManagerPresenter::PasswordExceptionListPopulater::
     OnGetPasswordStoreResults(ScopedVector<autofill::PasswordForm> results) {
   page_->password_exception_list_ =
       password_manager_util::ConvertScopedVector(std::move(results));
   page_->SortEntriesAndHideDuplicates(
       page_->languages_, &page_->password_exception_list_,
       &page_->password_exception_duplicates_,
       false /* don't use username and password*/);
   page_->SetPasswordExceptionList();
 }