Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(338)

Issue 2592653003: Avoid use-after-free in FormFetcherImpl (Closed)

Created:
4 years ago by vabr (Chromium)
Modified:
4 years ago
Reviewers:
vasilii
CC:
chromium-reviews, jam, gcasto+watchlist_chromium.org, darin-cc_chromium.org, vabr+watchlistpasswordmanager_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Avoid use-after-free in FormFetcherImpl Currently, FormFetcherImpl can get deleted during processing results from the PasswordStore, because the credential manager core code which owns it can hand itself off to UI code and get dropped. Detailed description of the use-after-free is in https://crbug.com/675178#c8. This CL fixes this issue inside CredentialManagerPasswordFormManager by not letting itself call a potentially self-deleting method inside CredentialManagerPasswordFormManager::ProcessMatches. BUG=675178, 621355 Committed: https://crrev.com/7d5047855d221120c1e79e0524f9b369327350d2 Cr-Commit-Position: refs/heads/master@{#440107}

Patch Set 1 #

Patch Set 2 : Fix iOS #

Patch Set 3 : Fix iOS #

Patch Set 4 : Just rebased #

Patch Set 5 : Posting CMPFM method instead of the delegate method #

Total comments: 13

Patch Set 6 : Improve #includes #

Patch Set 7 : FakeFormFetcher + .reset() #

Total comments: 4

Patch Set 8 : Typos #

Messages

Total messages: 41 (28 generated)
vabr (Chromium)
Hi Vasilii, Could I bother you with one more CL for review? Cheers, Vaclav
4 years ago (2016-12-20 13:56:05 UTC) #12
vasilii
Couple of general questions. - An object A owns (in all the senses: memory management ...
4 years ago (2016-12-20 15:36:37 UTC) #13
vabr (Chromium)
On 2016/12/20 15:36:37, vasilii wrote: > Couple of general questions. > - An object A ...
4 years ago (2016-12-20 15:46:08 UTC) #16
vabr (Chromium)
Hi Vasilii, Please take a look again. I used WeakFactory instead of deriving from SupportsWeakPtr ...
4 years ago (2016-12-21 09:21:38 UTC) #19
vasilii
https://codereview.chromium.org/2592653003/diff/80001/components/password_manager/content/browser/credential_manager_impl.cc File components/password_manager/content/browser/credential_manager_impl.cc (right): https://codereview.chromium.org/2592653003/diff/80001/components/password_manager/content/browser/credential_manager_impl.cc#newcode20 components/password_manager/content/browser/credential_manager_impl.cc:20: #include "components/password_manager/core/browser/form_saver.h" I think both headers are unused. https://codereview.chromium.org/2592653003/diff/80001/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc ...
4 years ago (2016-12-21 11:00:49 UTC) #22
vabr (Chromium)
Thanks, Vasilii! I'm afraid I pushed back on most of the comments this time. I'm ...
4 years ago (2016-12-21 11:35:26 UTC) #25
vasilii
https://codereview.chromium.org/2592653003/diff/80001/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc File components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc (right): https://codereview.chromium.org/2592653003/diff/80001/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc#newcode73 components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc:73: form_fetcher->Fetch(); On 2016/12/21 11:35:25, vabr (Chromium) wrote: > On ...
4 years ago (2016-12-21 12:10:29 UTC) #26
vabr (Chromium)
Thanks, Vasilii! Please have another look. I addressed also your comment about FakeFormFetcher, which you ...
4 years ago (2016-12-21 13:41:23 UTC) #31
vasilii
lgtm https://codereview.chromium.org/2592653003/diff/120001/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc File components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc (right): https://codereview.chromium.org/2592653003/diff/120001/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc#newcode64 components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc:64: // in turn should delete |form_manager|. It should ...
4 years ago (2016-12-21 13:55:30 UTC) #32
vabr (Chromium)
Thanks! https://codereview.chromium.org/2592653003/diff/120001/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc File components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc (right): https://codereview.chromium.org/2592653003/diff/120001/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc#newcode64 components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc:64: // in turn should delete |form_manager|. On 2016/12/21 ...
4 years ago (2016-12-21 13:59:20 UTC) #33
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2592653003/140001
4 years ago (2016-12-21 13:59:38 UTC) #36
commit-bot: I haz the power
Committed patchset #8 (id:140001)
4 years ago (2016-12-21 15:25:25 UTC) #39
commit-bot: I haz the power
4 years ago (2016-12-21 15:28:29 UTC) #41
Message was sent while issue was closed.
Patchset 8 (id:??) landed as
https://crrev.com/7d5047855d221120c1e79e0524f9b369327350d2
Cr-Commit-Position: refs/heads/master@{#440107}

Powered by Google App Engine
This is Rietveld 408576698