Issue 23498018: [Resource Timing] Fix potential double free problem

Issue 23498018: [Resource Timing] Fix potential double free problem (Closed)

Created:
7 years, 3 months ago by pan deng

Modified:
7 years, 3 months ago

Reviewers:
Nate Chapin, inferno, abarth-chromium, lifeasageek, tonyg, simonjam

CC:
blink-reviews, dglazkov+blink, eae+blinkwatch

Base URL:
https://chromium.googlesource.com/chromium/blink.git@master

Visibility:
Public.

More Reviews

Description

[Resource Timing] Fix potential double free problem Currently, ResourceTimingInfoMap in ResourceFetcher releases a ResourceTimingInfo after a resource is reported. If when blink is in reporting a resource entry, which lead to buffer full and immediately invoke "window.stop()" as callback, it will dive into ResourceFetcher::didLoadResource again, and release the memory in a nested. After that,the outer double free the memory as it just report the entry. This patch remove ResourceTiming from map ealier and prevent the double free case. Contributed by lifeasageek@gmail.com and pan.deng@intel.com BUG=286414 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=157760

Patch Set 1 #

Patch Set 2 : Add layout test #

Created: 7 years, 3 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+25 lines, -1 line)			Patch
A	LayoutTests/http/tests/misc/stop-loading-on-resource-timing-buffer-full-crash.html	View	1	1 chunk	+23 lines, -0 lines	0 comments	Download
A	LayoutTests/http/tests/misc/stop-loading-on-resource-timing-buffer-full-crash-expected.txt	View	1	1 chunk	+1 line, -0 lines	0 comments	Download
M	Source/core/fetch/ResourceFetcher.cpp	View		1 chunk	+1 line, -1 line	0 comments	Download