Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(35)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2123093003: Fix file chooser on ChromeOS. (Closed)

Created:
4 years, 5 months ago by Charlie Reis
Modified:
4 years, 5 months ago
Reviewers:
nasko
CC:
chromium-reviews
Base URL:
https://chromium.googlesource.com/chromium/src.git@2785
Target Ref:
refs/pending/branch-heads/2785
Project:
chromium
Visibility:
Public.

Description

Fix file chooser on ChromeOS. A previous CL - https://codereview.chromium.org/2102883002/, introduced a bug specific to the ChromeOS version of the file chooser. It fixed a use-after-free bug by monitoring for RenderFrame deletions. However, on ChromeOS, the file picker is itself a RenderFrame and the code didn't account for nullifying the cached object only when they match. This CL fixes the issue by ensuring that the pointer is cleared only when the object being deleted matches. BUG=624956 Review-Url: https://codereview.chromium.org/2113353002 Cr-Commit-Position: refs/heads/master@{#403554} (cherry picked from commit 5e61b75ffa3c2fe805124b5969e8dff578510b99) Committed: https://chromium.googlesource.com/chromium/src/+/c9bd48036f5e78fdc8aee791d455256532d30c5b

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+4 lines, -2 lines) Patch
M chrome/browser/file_select_helper.cc View 1 chunk +4 lines, -2 lines 0 comments Download

Messages

Total messages: 4 (2 generated)
Charlie Reis
Merging to M53.
4 years, 5 months ago (2016-07-06 16:36:35 UTC) #2
Charlie Reis
4 years, 5 months ago (2016-07-06 16:40:32 UTC) #4
Message was sent while issue was closed. 
Committed patchset #1 (id:1) manually as
c9bd48036f5e78fdc8aee791d455256532d30c5b.

Powered by Google App Engine
This is Rietveld 408576698