Chromium Code Reviews

Issue 2514323003: Fix UaF in RenderFrameImpl::OnBeforeUnload. (Closed)

Created:
2 years, 4 months ago by lfg
Modified:
2 years, 4 months ago
Reviewers:
Charlie Reis
CC:
chromium-reviews, nasko+codewatch_chromium.org, mlamouri+watch-content_chromium.org, jam, darin-cc_chromium.org, creis+watch_chromium.org, site-isolation-reviews_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix UaF in RenderFrameImpl::OnBeforeUnload.

BUG=666714

Committed: https://crrev.com/0dd441a0007aa46917779e782ee9094f111a02b3
Cr-Commit-Position: refs/heads/master@{#434226}

Patch Set 1 #

Total comments: 1

Patch Set 2 : add test #

Patch Set 3 : fix linux build #

Total comments: 3

Patch Set 4 : add comments #

Files changed (+64 lines, -2 lines):
M content/renderer/render_frame_impl.cc (1 chunk, +6 lines, -2 lines)
M content/renderer/render_view_browsertest.cc (1 chunk, +58 lines, -0 lines)

Messages

Total messages: 29 (18 generated)
lfg
Charlie, please take a look.
2 years, 4 months ago (2016-11-21 21:57:44 UTC) #4
Charlie Reis
[CC dcheng] Thanks-- I'm ok with this as a quick defense for this case, but ...
2 years, 4 months ago (2016-11-21 23:17:14 UTC) #5
lfg
On 2016/11/21 23:17:14, Charlie Reis (slow) wrote: > [CC dcheng] > > Thanks-- I'm ok ...
2 years, 4 months ago (2016-11-22 00:32:43 UTC) #8
dcheng
On 2016/11/21 23:17:14, Charlie Reis (slow) wrote: > [CC dcheng] > > Thanks-- I'm ok ...
2 years, 4 months ago (2016-11-22 02:10:46 UTC) #9
lfg
Charlie, please take another look. I added a test that simulates a swap inside the ...
2 years, 4 months ago (2016-11-22 21:40:06 UTC) #12
Charlie Reis
Thanks for the test! LGTM. (We'll need a separate fix for 666616, right? Let's follow ...
2 years, 4 months ago (2016-11-23 07:07:00 UTC) #15
lfg
https://codereview.chromium.org/2514323003/diff/40001/content/renderer/render_view_browsertest.cc File content/renderer/render_view_browsertest.cc (right): https://codereview.chromium.org/2514323003/diff/40001/content/renderer/render_view_browsertest.cc#newcode2221 content/renderer/render_view_browsertest.cc:2221: std::unique_ptr<ConsoleCallbackFilter> callback_filter( On 2016/11/23 07:07:00, Charlie Reis (slow) wrote: ...
2 years, 4 months ago (2016-11-23 16:48:02 UTC) #18
Charlie Reis
https://codereview.chromium.org/2514323003/diff/40001/content/renderer/render_view_browsertest.cc File content/renderer/render_view_browsertest.cc (right): https://codereview.chromium.org/2514323003/diff/40001/content/renderer/render_view_browsertest.cc#newcode2221 content/renderer/render_view_browsertest.cc:2221: std::unique_ptr<ConsoleCallbackFilter> callback_filter( On 2016/11/23 16:48:02, lfg wrote: > On ...
2 years, 4 months ago (2016-11-23 17:47:11 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2514323003/60001
2 years, 4 months ago (2016-11-23 18:11:48 UTC) #23
commit-bot: I haz the power
Committed patchset #4 (id:60001)
2 years, 4 months ago (2016-11-23 19:44:14 UTC) #27
commit-bot: I haz the power
Message was sent while issue was closed.
Patchset 4 (id:??) landed as
https://crrev.com/0dd441a0007aa46917779e782ee9094f111a02b3
Cr-Commit-Position: refs/heads/master@{#434226}
2 years, 4 months ago (2016-11-23 19:48:11 UTC) #29
