Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(930)

Issue 2537303003: Fix memory corruption related to load blocking resource move (Closed)

Created:
3 years, 9 months ago by Yoav Weiss
Modified:
3 years, 9 months ago
Reviewers:
bokan, Charlie Harrison
CC:
chromium-reviews, tyoshino+watch_chromium.org, gavinp+loader_chromium.org, blink-reviews, loading-reviews+fetch_chromium.org, Nate Chapin
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix memory corruption related to load blocking resource move This fixes an issue where a resource loader belonging to one ResourceFetcher was accidentally added as a blocking loader to another ResourceFetcher, by checking the loader is part of the already non-blocking loaders belonging to current ResourceFetcher. This also adds DCHECKs on a couple of methods removing loaders from hashmaps, to make sure we're not trying to remove a nullptr. BUG=666563 Committed: https://crrev.com/7497990e6eb19dc8dd61de4f188553c9c054cef9 Cr-Commit-Position: refs/heads/master@{#435573}

Patch Set 1 #

Total comments: 4

Patch Set 2 : Added test #

Patch Set 3 : Added DCHECK #

Patch Set 4 : Fix test crash #

Patch Set 5 : CHECK #

Unified diffs Side-by-side diffs Delta from patch set Stats (+31 lines, -0 lines) Patch
M third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp View 1 2 3 4 3 chunks +5 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/fetch/ResourceFetcherTest.cpp View 1 2 3 1 chunk +26 lines, -0 lines 0 comments Download

Messages

Total messages: 38 (20 generated)
Yoav Weiss
Hey Charlie, This fixes an issue David found related to insufficient checks when moving resourceLoaders ...
3 years, 9 months ago (2016-11-30 14:03:36 UTC) #4
Yoav Weiss
On 2016/11/30 14:03:36, Yoav Weiss wrote: > Hey Charlie, > > This fixes an issue ...
3 years, 9 months ago (2016-11-30 14:05:21 UTC) #5
bokan
This fixes the immediate issue, but is there an underlying bug? How do we get ...
3 years, 9 months ago (2016-11-30 14:29:03 UTC) #6
Yoav Weiss
On 2016/11/30 14:29:03, bokan wrote: > This fixes the immediate issue, but is there an ...
3 years, 9 months ago (2016-11-30 14:49:23 UTC) #7
bokan
Got it, thanks. Patch looks fine to me, just needs a test. https://codereview.chromium.org/2537303003/diff/1/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp File third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp ...
3 years, 9 months ago (2016-11-30 14:52:42 UTC) #8
Charlie Harrison
Yeah, this problem has come up before in subtle ways. We don't want a Resource ...
3 years, 9 months ago (2016-11-30 14:54:41 UTC) #9
Yoav Weiss
Added a test https://codereview.chromium.org/2537303003/diff/1/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp File third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp (right): https://codereview.chromium.org/2537303003/diff/1/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp#newcode1286 third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp:1286: m_loaders.remove(loader); On 2016/11/30 14:52:42, bokan wrote: ...
3 years, 9 months ago (2016-11-30 16:11:42 UTC) #14
Charlie Harrison
https://codereview.chromium.org/2537303003/diff/1/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp File third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp (right): https://codereview.chromium.org/2537303003/diff/1/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp#newcode1286 third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp:1286: m_loaders.remove(loader); On 2016/11/30 16:11:42, Yoav Weiss wrote: > On ...
3 years, 9 months ago (2016-11-30 16:51:33 UTC) #15
bokan
https://codereview.chromium.org/2537303003/diff/1/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp File third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp (right): https://codereview.chromium.org/2537303003/diff/1/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp#newcode1286 third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp:1286: m_loaders.remove(loader); On 2016/11/30 16:51:33, Charlie Harrison wrote: > On ...
3 years, 9 months ago (2016-11-30 17:01:22 UTC) #16
Yoav Weiss
On 2016/11/30 17:01:22, bokan wrote: > https://codereview.chromium.org/2537303003/diff/1/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp > File third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp (right): > > https://codereview.chromium.org/2537303003/diff/1/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp#newcode1286 > ...
3 years, 9 months ago (2016-11-30 17:06:28 UTC) #19
Charlie Harrison
Handling DCHECK failures is against the style guide. We should add a temporary CHECK if ...
3 years, 9 months ago (2016-11-30 17:09:16 UTC) #20
bokan
On 2016/11/30 17:09:16, Charlie Harrison wrote: > Handling DCHECK failures is against the style guide. ...
3 years, 9 months ago (2016-11-30 17:11:47 UTC) #21
Charlie Harrison
On 2016/11/30 17:11:47, bokan wrote: > On 2016/11/30 17:09:16, Charlie Harrison wrote: > > Handling ...
3 years, 9 months ago (2016-11-30 17:15:23 UTC) #22
bokan
lgtm
3 years, 9 months ago (2016-11-30 22:51:23 UTC) #31
Charlie Harrison
lgtm too
3 years, 9 months ago (2016-12-01 01:30:04 UTC) #32
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2537303003/80001
3 years, 9 months ago (2016-12-01 07:08:37 UTC) #34
commit-bot: I haz the power
Committed patchset #5 (id:80001)
3 years, 9 months ago (2016-12-01 07:13:54 UTC) #36
commit-bot: I haz the power
3 years, 9 months ago (2016-12-01 07:16:54 UTC) #38
Message was sent while issue was closed.
Patchset 5 (id:??) landed as
https://crrev.com/7497990e6eb19dc8dd61de4f188553c9c054cef9
Cr-Commit-Position: refs/heads/master@{#435573}

Powered by Google App Engine
This is Rietveld 408576698