Chromium Code Reviews

Issue 2268603002: Avoid UAF on ConnectionFilter impls (Closed)

Created:
4 years, 4 months ago by Ken Rockot(use gerrit already)
Modified:
4 years, 4 months ago
CC:
chromium-reviews, darin-cc_chromium.org, jam, mlamouri+watch-content_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Avoid UAF on ConnectionFilter impls

An incoming service connection may outlive any ConnectionFilter which added interfaces to it, so a ConnectionFilter impl must not register any interface binders which hold unsafe references to itself. This fixes cases where that was being done.

BUG=639650
TBR=ben@chromium.org

Committed: https://crrev.com/c6d602efe29592458c78ca2204450dbb5126751f
Cr-Commit-Position: refs/heads/master@{#413462}
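The lifetime rule in the description, shown as an added example that is not part of this change or of Chromium's code: `Registry` and `Filter` are hypothetical stand-ins for a connection's interface registry and a ConnectionFilter impl, and `std::weak_ptr` is an assumed substitute for whatever safe reference the real fix uses.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <string>

// Stand-in for a connection's interface registry; it may outlive the filter (hypothetical).
class Registry {
 public:
  using Binder = std::function<bool(const std::string&)>;
  void AddInterface(const std::string& name, Binder b) { binders_[name] = std::move(b); }
  // Returns the binder's result, or false if no binder is registered.
  bool Bind(const std::string& name, const std::string& request) {
    auto it = binders_.find(name);
    return it != binders_.end() && it->second(request);
  }
 private:
  std::map<std::string, Binder> binders_;
};

// Stand-in for a ConnectionFilter impl (hypothetical).
class Filter : public std::enable_shared_from_this<Filter> {
 public:
  // Unsafe: binder captures raw `this`; a call after the filter dies is a use-after-free.
  void RegisterUnsafe(Registry* r) {
    r->AddInterface("unsafe", [this](const std::string& q) { return Handle(q); });
  }
  // Safe pattern: the binder holds a weak reference and checks it on each call.
  void RegisterSafe(Registry* r) {
    std::weak_ptr<Filter> weak = shared_from_this();
    r->AddInterface("safe", [weak](const std::string& q) {
      auto self = weak.lock();
      return self ? self->Handle(q) : false;
    });
  }
 private:
  bool Handle(const std::string&) { return true; }
};

// True when the safe binder works while the filter lives and refuses afterwards.
bool SafeBinderSurvivesFilterDestruction() {
  Registry registry;  // plays the connection that outlives the filter
  auto filter = std::make_shared<Filter>();
  filter->RegisterSafe(&registry);
  bool before = registry.Bind("safe", "request");
  filter.reset();  // filter destroyed, registry still holds the binder
  bool after = registry.Bind("safe", "request");
  return before && !after;
}

int main() { return SafeBinderSurvivesFilterDestruction() ? 0 : 1; }
```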

Patch Set 1

Stats (+34 lines, -34 lines)
M content/child/child_thread_impl.cc 2 chunks +6 lines, -8 lines
M content/public/common/connection_filter.h 1 chunk +3 lines, -0 lines
M content/renderer/mus/render_widget_window_tree_client_factory.cc 4 chunks +11 lines, -11 lines
M services/navigation/navigation.h 4 chunks +5 lines, -7 lines
M services/navigation/navigation.cc 3 chunks +9 lines, -8 lines

Messages

Total messages: 8 (4 generated)
Ken Rockot(use gerrit already)
The alternative would be to ensure ConnectionFilters live at least as long as the connections ...
4 years, 4 months ago (2016-08-22 16:37:03 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2268603002/1
4 years, 4 months ago (2016-08-22 16:37:41 UTC) #5
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 4 months ago (2016-08-22 17:22:24 UTC) #6
commit-bot: I haz the power
4 years, 4 months ago (2016-08-22 17:23:40 UTC) #8
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/c6d602efe29592458c78ca2204450dbb5126751f
Cr-Commit-Position: refs/heads/master@{#413462}
