Chromium Code Reviews

Issue 2093423005: Fix nullptr dereference in MojoBindingsController (Closed)

Created:
4 years, 5 months ago by Ken Rockot(use gerrit already)
Modified:
4 years, 4 months ago
Reviewers:
jam
CC:
Aaron Boodman, abarth-chromium, ben+mojo_chromium.org, chromium-reviews, darin (slow to review), darin-cc_chromium.org, jam, mlamouri+watch-content_chromium.org, qsr+mojo_chromium.org, viettrungluu+watch_chromium.org, yzshen+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix nullptr dereference in MojoBindingsController

Based on the DCHECK in RenderFrameImpl::runScriptsAtDocumentElementAvailable, it's possible for |frame_| to be null when calling MojoBindingsController::RunScriptsAtDocumentReady. The latter assumes this isn't possible and uses the result of GetWebFrame() without checking it. This CL fixes that to avoid a potential nullptr dereference.

BUG=595875
R=jam@chromium.org

Patch Set 1 #

M content/renderer/mojo_bindings_controller.cc (1 chunk, +2 lines, -0 lines, 0 comments)

Messages

Total messages: 3 (1 generated)
Ken Rockot(use gerrit already)
4 years, 5 months ago (2016-06-27 15:46:26 UTC) #1
Ken Rockot(use gerrit already)
4 years, 5 months ago (2016-06-27 20:58:09 UTC) #3
Will hold off on this for now. dcheng@ thinks it may be a badly behaved observer
detaching the frame and will confirm soonish.
