Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(588)

Unified Diff: components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc

Issue 2592653003: Avoid use-after-free in FormFetcherImpl (Closed)
Patch Set: Typos Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc
diff --git a/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc b/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..b25176a703ab134a5a1d7920b3e35dd2aacd5d37
--- /dev/null
+++ b/components/password_manager/core/browser/credential_manager_password_form_manager_unittest.cc
@@ -0,0 +1,78 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/password_manager/core/browser/credential_manager_password_form_manager.h"
+
+#include <memory>
+
+#include "base/macros.h"
+#include "base/memory/ptr_util.h"
+#include "base/message_loop/message_loop.h"
+#include "base/run_loop.h"
+#include "components/autofill/core/common/password_form.h"
+#include "components/password_manager/core/browser/fake_form_fetcher.h"
+#include "components/password_manager/core/browser/stub_form_saver.h"
+#include "components/password_manager/core/browser/stub_password_manager_client.h"
+#include "components/password_manager/core/browser/stub_password_manager_driver.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using autofill::PasswordForm;
+using ::testing::Invoke;
+
+namespace password_manager {
+
+namespace {
+
+class MockDelegate : public CredentialManagerPasswordFormManagerDelegate {
+ public:
+ MOCK_METHOD0(OnProvisionalSaveComplete, void());
+};
+
+} // namespace
+
+class CredentialManagerPasswordFormManagerTest : public testing::Test {
+ public:
+ CredentialManagerPasswordFormManagerTest() = default;
+
+ protected:
+ // Necessary for callbacks, and for TestAutofillDriver.
+ base::MessageLoop message_loop_;
+
+ StubPasswordManagerClient client_;
+ StubPasswordManagerDriver driver_;
+
+ DISALLOW_COPY_AND_ASSIGN(CredentialManagerPasswordFormManagerTest);
+};
+
+// Test that aborting early does not cause use after free.
+TEST_F(CredentialManagerPasswordFormManagerTest, AbortEarly) {
+ PasswordForm observed_form;
+ MockDelegate delegate;
+ auto form_fetcher = base::MakeUnique<FakeFormFetcher>();
+ form_fetcher->Fetch();
+ CredentialManagerPasswordFormManager form_manager(
+ &client_, driver_.AsWeakPtr(), observed_form,
+ base::MakeUnique<PasswordForm>(observed_form), &delegate,
+ base::MakeUnique<StubFormSaver>(), form_fetcher.get());
+
+ auto deleter = [&form_fetcher]() { form_fetcher.reset(); };
+
+ // Simulate that the PasswordStore responded to the FormFetcher. As a result,
+ // |form_manager| should call the delegate's OnProvisionalSaveComplete, which
+ // in turn should delete |form_fetcher|.
+ EXPECT_CALL(delegate, OnProvisionalSaveComplete()).WillOnce(Invoke(deleter));
+ form_fetcher->SetNonFederated(std::vector<const PasswordForm*>(), 0u);
+ // Check that |form_fetcher| was not deleted yet; doing so would have caused
+ // use after free during SetNonFederated.
+ EXPECT_TRUE(form_fetcher);
+
+ base::RunLoop().RunUntilIdle();
+
+ // Ultimately, |form_fetcher| should have been deleted. It just should happen
+ // after it finishes executing.
+ EXPECT_FALSE(form_fetcher);
+}
+
+} // namespace password_manager

Powered by Google App Engine
This is Rietveld 408576698