Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2116923002:
Avoid using stale UserScript pointers (Closed)
|
Created:
4 years, 5 months ago by robwu Modified:
4 years, 5 months ago CC:
chromium-apps-reviews_chromium.org, chromium-reviews, extensions-reviews_chromium.org Base URL:
https://chromium.googlesource.com/chromium/src.git@master Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionAvoid using stale UserScript pointers
BUG=625393
TEST=Manually. Compile Chrome with ASAN and follow the steps from the bug report.
Committed: https://crrev.com/a80776332fd8c99b58beab5d91a6675e85013628
Cr-Commit-Position: refs/heads/master@{#403725}
Patch Set 1 #Patch Set 2 : Remove browser test, see bug for details #
Total comments: 5
Messages
Total messages: 20 (7 generated)
Description was changed from ========== Avoid using stale UserScript pointers BUG=625393 ========== to ========== Avoid using stale UserScript pointers BUG=625393 TEST=Manually. Compile Chrome with ASAN and follow the steps from the bug report. ==========
rob@robwu.nl changed reviewers: + rdevlin.cronin@chromium.org
rob@robwu.nl changed reviewers: + rockot@chromium.org - rdevlin.cronin@chromium.org
-Devlin (OOO) +Rockot PTAL, thanks!
Please CC me on the bug so I can view it :)
lgtm
The CQ bit was checked by rob@robwu.nl
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Description was changed from ========== Avoid using stale UserScript pointers BUG=625393 TEST=Manually. Compile Chrome with ASAN and follow the steps from the bug report. ========== to ========== Avoid using stale UserScript pointers BUG=625393 TEST=Manually. Compile Chrome with ASAN and follow the steps from the bug report. ==========
Message was sent while issue was closed.
Committed patchset #2 (id:20001)
Message was sent while issue was closed.
CQ bit was unchecked.
Message was sent while issue was closed.
Description was changed from ========== Avoid using stale UserScript pointers BUG=625393 TEST=Manually. Compile Chrome with ASAN and follow the steps from the bug report. ========== to ========== Avoid using stale UserScript pointers BUG=625393 TEST=Manually. Compile Chrome with ASAN and follow the steps from the bug report. Committed: https://crrev.com/a80776332fd8c99b58beab5d91a6675e85013628 Cr-Commit-Position: refs/heads/master@{#403725} ==========
Message was sent while issue was closed.
Patchset 2 (id:??) landed as https://crrev.com/a80776332fd8c99b58beab5d91a6675e85013628 Cr-Commit-Position: refs/heads/master@{#403725}
Message was sent while issue was closed.
rdevlin.cronin@chromium.org changed reviewers: + rdevlin.cronin@chromium.org
Message was sent while issue was closed.
sorry for the delay; 4th/5th were holidays in the US. https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... File extensions/renderer/user_script_injector.cc (right): https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... extensions/renderer/user_script_injector.cc:108: script_ = nullptr; We should call ScriptInjection::OnHostRemoved() when the extension is unloaded. If this only happens because of synchronous JS, would a simpler/cleaner solution be to check injection_host_ in ScriptInjection() after we inject JS, rather than adding a bunch of null checks here? (optionally, you could also do also do this and then (D)CHECK script_ in most places.)
Message was sent while issue was closed.
On 2016/07/06 15:22:22, Devlin (ooo - July 6) wrote: > sorry for the delay; 4th/5th were holidays in the US. No problem, you've added OOO to your name, so I didn't expect a reply any sooner. For a moment I forgot that it was July already, so I had moved the review to Ken. https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... File extensions/renderer/user_script_injector.cc (right): https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... extensions/renderer/user_script_injector.cc:108: script_ = nullptr; On 2016/07/06 15:22:22, Devlin (ooo - July 6) wrote: > We should call ScriptInjection::OnHostRemoved() when the extension is unloaded. > If this only happens because of synchronous JS, would a simpler/cleaner solution > be to check injection_host_ in ScriptInjection() after we inject JS, rather than > adding a bunch of null checks here? I considered it, but because the bug is only related to user scripts, I decided to put the checks in this class, without putting the burden of being aware of this subtlety on the user of the class.
Message was sent while issue was closed.
https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... File extensions/renderer/user_script_injector.cc (right): https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... extensions/renderer/user_script_injector.cc:108: script_ = nullptr; On 2016/07/06 16:12:06, robwu wrote: > On 2016/07/06 15:22:22, Devlin (ooo - July 6) wrote: > > We should call ScriptInjection::OnHostRemoved() when the extension is > unloaded. > > If this only happens because of synchronous JS, would a simpler/cleaner > solution > > be to check injection_host_ in ScriptInjection() after we inject JS, rather > than > > adding a bunch of null checks here? > > I considered it, but because the bug is only related to user scripts, I decided > to put the checks in this class, without putting the burden of being aware of > this subtlety on the user of the class. I think I'd prefer checking the host in ScriptInjection for two reasons: - We should be able to pinpoint when the host can be removed when synchronously injecting (due to blocking) - specifically right after JS injection happens - so there should only be a single check necessary. In this file, it's not immediately clear when script_ may or may not be null, and I can easily imagine that someone will forget the null check at some point. - This can actually affect programmatic scripts (e.g. tabs.executeScript) as well. While I don't think anything would necessarily break, I don't think we should be injecting or handling scripts for removed extensions in general.
Message was sent while issue was closed.
https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... File extensions/renderer/user_script_injector.cc (right): https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... extensions/renderer/user_script_injector.cc:108: script_ = nullptr; On 2016/07/06 16:17:58, Devlin wrote: > On 2016/07/06 16:12:06, robwu wrote: > > On 2016/07/06 15:22:22, Devlin (ooo - July 6) wrote: > > > We should call ScriptInjection::OnHostRemoved() when the extension is > > unloaded. > > > If this only happens because of synchronous JS, would a simpler/cleaner > > solution > > > be to check injection_host_ in ScriptInjection() after we inject JS, rather > > than > > > adding a bunch of null checks here? > > > > I considered it, but because the bug is only related to user scripts, I > decided > > to put the checks in this class, without putting the burden of being aware of > > this subtlety on the user of the class. > > I think I'd prefer checking the host in ScriptInjection for two reasons: > - We should be able to pinpoint when the host can be removed when synchronously > injecting (due to blocking) - specifically right after JS injection happens - so > there should only be a single check necessary. In this file, it's not > immediately clear when script_ may or may not be null, and I can easily imagine > that someone will forget the null check at some point. > - This can actually affect programmatic scripts (e.g. tabs.executeScript) as > well. While I don't think anything would necessarily break, I don't think we > should be injecting or handling scripts for removed extensions in general. That's a good one. I will submit a separate CL since the current patch already landed, and not injecting scripts after removal is a behavioral change (opposed to the current patch, which fixes the bug without other side effects).
Message was sent while issue was closed.
https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... File extensions/renderer/user_script_injector.cc (right): https://codereview.chromium.org/2116923002/diff/20001/extensions/renderer/use... extensions/renderer/user_script_injector.cc:108: script_ = nullptr; On 2016/07/06 16:26:57, robwu wrote: > On 2016/07/06 16:17:58, Devlin wrote: > > On 2016/07/06 16:12:06, robwu wrote: > > > On 2016/07/06 15:22:22, Devlin (ooo - July 6) wrote: > > > > We should call ScriptInjection::OnHostRemoved() when the extension is > > > unloaded. > > > > If this only happens because of synchronous JS, would a simpler/cleaner > > > solution > > > > be to check injection_host_ in ScriptInjection() after we inject JS, > rather > > > than > > > > adding a bunch of null checks here? > > > > > > I considered it, but because the bug is only related to user scripts, I > > decided > > > to put the checks in this class, without putting the burden of being aware > of > > > this subtlety on the user of the class. > > > > I think I'd prefer checking the host in ScriptInjection for two reasons: > > - We should be able to pinpoint when the host can be removed when > synchronously > > injecting (due to blocking) - specifically right after JS injection happens - > so > > there should only be a single check necessary. In this file, it's not > > immediately clear when script_ may or may not be null, and I can easily > imagine > > that someone will forget the null check at some point. > > - This can actually affect programmatic scripts (e.g. tabs.executeScript) as > > well. While I don't think anything would necessarily break, I don't think we > > should be injecting or handling scripts for removed extensions in general. > > That's a good one. I will submit a separate CL since the current patch already > landed, and not injecting scripts after removal is a behavioral change (opposed > to the current patch, which fixes the bug without other side effects). Sounds good, thanks! |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
