Chromium Code Reviews
Description
Fix stack-use-after-scope in ChromeOS OOBE handler.
What happens here (before the fix) is the following series of events:
1. display::Screen::GetScreen() returns a Screen* pointer.
2. Then GetPrimaryDisplay() returns a Display value. This value is stored on the
stack and has the scope of just this line of the code. After that the compiler
is free to reuse the stack space (which it often does).
3. size() is called and returns a reference to a Display field. Once
Display goes out of scope (and is destroyed), the reference saved in |size|
points to potentially already reused memory, and not to what it was meant to
refer to.
4. |size| is then used, and AddressSanitizer with the use-after-scope check
correctly points out the issue.
The bug was found by AddressSanitizer with use-after-free check
enabled. It's currently being rolled out into Chrome, and this CL
is a part of a larger cleanup of existing failures.
BUG=649897
Review-Url: https://codereview.chromium.org/2643943003
Cr-Commit-Position: refs/heads/master@{#444812}
Committed: https://chromium.googlesource.com/chromium/src/+/d377464c5d3b7aaa13823000932c1a23f3c4d01c
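The sequence of events in the description, as an added example that is not the CL's code: a minimal stand-in for display::Display and gfx::Size with a destructor counter shows that the temporary returned by GetPrimaryDisplay() is already destroyed before the next statement runs, that binding the Display itself to a const reference extends its lifetime, and that copying the Size out avoids the dangling reference. The copy-out fix is the standard remedy and is assumed here; the CL's actual diff is not on this page.

```cpp
// Added example (not Chromium code). Display/Size are simplified stand-ins;
// the destructor counter makes the temporary's lifetime observable.
static int g_displays_destroyed = 0;

struct Size {
  int width;
  int height;
};

struct Display {
  Size bounds;
  const Size& size() const { return bounds; }  // reference into *this
  ~Display() { ++g_displays_destroyed; }
};

Display GetPrimaryDisplay() { return Display{{1920, 1080}}; }  // by value

// Before the fix: |size| refers to a field of the temporary Display, which is
// destroyed at the end of the full-expression. Returns how many Displays were
// destroyed before the next statement runs; non-zero means |size| already
// dangles. The reference is deliberately never read here: that read is what
// AddressSanitizer's use-after-scope check reports.
int DestroyedBeforeUse_Buggy() {
  int before = g_displays_destroyed;
  const Size& size = GetPrimaryDisplay().size();
  int destroyed = g_displays_destroyed - before;
  (void)size;
  return destroyed;  // 1 (at least 1 when the return is not elided)
}

// Binding the temporary Display itself to a const reference extends its
// lifetime to the end of |display|'s scope, so a reference to its field stays
// valid for as long as |display| is. Returns -1 if the temporary died early.
int PrimaryWidth_LifetimeExtended() {
  int before = g_displays_destroyed;
  const Display& display = GetPrimaryDisplay();
  const Size& size = display.size();
  if (g_displays_destroyed != before) return -1;
  return size.width;  // 1920: temporary still alive here
}

// The fix: copy the value out of the temporary instead of keeping a reference.
int PrimaryWidth_Fixed() {
  Size size = GetPrimaryDisplay().size();  // copy; the temporary may now die
  return size.width;  // 1920
}
```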
Patch Set 1
Messages
Total messages: 12 (7 generated)