Chromium Code Reviews

Issue 2673823002: display compositor: Fix a use-after-free when a frame sink is destroyed. (Closed)

Created:
3 years, 10 months ago by sadrul
Modified:
3 years, 10 months ago
Reviewers:
Fady Samuel
CC:
chromium-reviews, rjkroege
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

display compositor: Fix a use-after-free when a frame sink is destroyed.

Make a copy of the sink-id before removing it from the map. This is because the id variable is owned by the GpuCompositorFrameSink in the map. So when the sink is removed from the map, the id is also destroyed. But the map can continue to iterate and try to use it. Making a copy of it avoids this.

BUG=none
Review-Url: https://codereview.chromium.org/2673823002
Cr-Commit-Position: refs/heads/master@{#447898}
Committed: https://chromium.googlesource.com/chromium/src/+/60bd8863c89b4058872e1323173fbc3802efbcfc
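An added example, not Chromium's own code, modelling the aliasing bug the description fixes: the `const cc::FrameSinkId&` handed to the destroy path can refer to storage owned by the `GpuCompositorFrameSink` inside the map, so erasing the entry frees the very object the reference points at; copying the id before the erase keeps all post-removal work on live memory. The `registered_` bookkeeping set, the alias check and `DestroyViaAliasedReferenceIsSafe` are assumptions for illustration.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <set>

struct FrameSinkId {
  uint32_t client_id, sink_id;
  bool operator<(const FrameSinkId& o) const {
    return client_id != o.client_id ? client_id < o.client_id : sink_id < o.sink_id;
  }
};
class GpuCompositorFrameSink {
 public:
  explicit GpuCompositorFrameSink(FrameSinkId id) : id_(id) {}
  const FrameSinkId& frame_sink_id() const { return id_; }  // storage owned by the sink
 private:
  FrameSinkId id_;
};
class DisplayCompositor {
 public:
  void CreateCompositorFrameSink(FrameSinkId id) {
    sinks_[id].reset(new GpuCompositorFrameSink(id));
    registered_.insert(id);  // assumed bookkeeping, updated after the erase
  }
  // Returns true when |frame_sink_id| points into the sink being destroyed.
  bool DestroyCompositorFrameSink(const FrameSinkId& frame_sink_id) {
    auto it = sinks_.find(frame_sink_id);
    if (it == sinks_.end()) return false;
    bool aliased = &frame_sink_id == &it->second->frame_sink_id();
    FrameSinkId id = frame_sink_id;  // copy BEFORE erase; erase frees the sink
    sinks_.erase(it);  // |frame_sink_id| may now dangle
    registered_.erase(id);  // only the copy is touched from here on
    return aliased;
  }
  const GpuCompositorFrameSink* GetSink(FrameSinkId id) const {
    auto it = sinks_.find(id);
    return it == sinks_.end() ? nullptr : it->second.get();
  }
  bool IsRegistered(FrameSinkId id) const { return registered_.count(id) != 0; }
 private:
  std::map<FrameSinkId, std::unique_ptr<GpuCompositorFrameSink>> sinks_;
  std::set<FrameSinkId> registered_;
};
// The CL's case: destroy through a reference that lives inside the sink itself.
bool DestroyViaAliasedReferenceIsSafe() {
  DisplayCompositor dc;
  dc.CreateCompositorFrameSink({1, 7});
  bool aliased = dc.DestroyCompositorFrameSink(dc.GetSink({1, 7})->frame_sink_id());
  return aliased && dc.GetSink({1, 7}) == nullptr && !dc.IsRegistered({1, 7});
}
```

Running the aliased scenario under AddressSanitizer with the copy removed (using `frame_sink_id` after the erase) reports a heap-use-after-free, which is the regression check worth keeping alongside such a fix.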

Patch Set 1

Total comments: 4

Patch Set 2: .

Stats: +13 lines, -2 lines
M services/ui/surfaces/display_compositor.h (1 chunk, +7 lines, -0 lines, 0 comments)
M services/ui/surfaces/display_compositor.cc (3 chunks, +6 lines, -2 lines, 0 comments)

Messages

Total messages: 14 (8 generated)
sadrul
3 years, 10 months ago (2017-02-03 01:00:04 UTC) #3
Fady Samuel
https://codereview.chromium.org/2673823002/diff/1/services/ui/surfaces/display_compositor.cc File services/ui/surfaces/display_compositor.cc (right): https://codereview.chromium.org/2673823002/diff/1/services/ui/surfaces/display_compositor.cc#newcode54 services/ui/surfaces/display_compositor.cc:54: const cc::FrameSinkId& frame_sink_id, How about making this passed by ...
3 years, 10 months ago (2017-02-03 01:05:26 UTC) #5
sadrul
https://codereview.chromium.org/2673823002/diff/1/services/ui/surfaces/display_compositor.cc File services/ui/surfaces/display_compositor.cc (right): https://codereview.chromium.org/2673823002/diff/1/services/ui/surfaces/display_compositor.cc#newcode54 services/ui/surfaces/display_compositor.cc:54: const cc::FrameSinkId& frame_sink_id, On 2017/02/03 01:05:25, Fady Samuel wrote: ...
3 years, 10 months ago (2017-02-03 01:28:25 UTC) #8
Fady Samuel
lgtm
3 years, 10 months ago (2017-02-03 01:31:22 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2673823002/20001
3 years, 10 months ago (2017-02-03 01:40:56 UTC) #11
commit-bot: I haz the power
3 years, 10 months ago (2017-02-03 03:24:11 UTC) #14
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as
https://chromium.googlesource.com/chromium/src/+/60bd8863c89b4058872e1323173f...
