Created: 3 years, 7 months ago by Guido Urdaneta
Modified: 3 years, 7 months ago
Reviewers: hbos_chromium
CC: chromium-reviews, haraken, blink-reviews
Target Ref: refs/heads/master
Project: chromium
Visibility: Public.
Description
Prevent access to null handler in RTCDataChannel.
BUG=717872, 717912
Review-Url: https://codereview.chromium.org/2888043003
Cr-Commit-Position: refs/heads/master@{#473566}
Committed: https://chromium.googlesource.com/chromium/src/+/50bbde70a79349d7c71655cb1042fa559fc4a568
Patch Set 1
Patch Set 2 : Add unit tests
Messages
Total messages: 30 (18 generated)
Description was changed from ========== Prevent access to null handler in RTCDataChannel. BUG=717872,717912 ========== to ========== Prevent access to null handler in RTCDataChannel. BUG=717872,717912 ==========
guidou@chromium.org changed reviewers: + hbos@chromium.org
Hi, PTAL
The CQ bit was checked by guidou@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
Can we add a test?
On 2017/05/17 18:27:25, haraken1 wrote:
> Can we add a test?

Will try to produce a test.
haraken@: what's a good way to reproduce a call to the close (or any other) method after ContextDestroyed() is called?

On 2017/05/17 18:35:35, Guido Urdaneta wrote:
> On 2017/05/17 18:27:25, haraken1 wrote:
> > Can we add a test?
>
> Will try to produce a test.
> haraken@: what's a good way to reproduce a call to the close (or any other)
> method after ContextDestroyed() is called?

You can probably explicitly remove an iframe and then access the window.

win = iframe.contentWindow;
iframe.remove();  // This calls ContextDestroyed().
win.func();  // Do whatever you want.
guidou@chromium.org changed reviewers: + haraken@chromium.org
guidou@chromium.org changed reviewers: - hbos@chromium.org
Couldn't reproduce the crashes with a Layout test, but used unit tests instead.
The CQ bit was checked by guidou@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
guidou@chromium.org changed reviewers: + hbos@chromium.org - haraken@chromium.org
hbos@: can you take a look?
lgtm, but there are other methods using handler_ that could cause similar crashes. Can you file a bug to have these throw a javascript exception if !handler_?
The CQ bit was checked by guidou@chromium.org
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
The CQ bit was checked by guidou@chromium.org
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
On 2017/05/22 09:58:58, hbos_chromium wrote:
> lgtm, but there are other methods using handler_ that could cause similar
> crashes. Can you file a bug to have these throw a javascript exception if
> !handler_?

Filed http://crbug.com/724992
CQ is committing da patch. Bot data: {"patchset_id": 20001, "attempt_start_ts": 1495451990877360, "parent_rev": "8e66bcf31b76b43d0ec6119ddba951bd58390c14", "commit_rev": "50bbde70a79349d7c71655cb1042fa559fc4a568"}
Message was sent while issue was closed.
Description was changed from ========== Prevent access to null handler in RTCDataChannel. BUG=717872,717912 ========== to ========== Prevent access to null handler in RTCDataChannel. BUG=717872,717912 Review-Url: https://codereview.chromium.org/2888043003 Cr-Commit-Position: refs/heads/master@{#473566} Committed: https://chromium.googlesource.com/chromium/src/+/50bbde70a79349d7c71655cb1042... ==========
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as https://chromium.googlesource.com/chromium/src/+/50bbde70a79349d7c71655cb1042...
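The null-handler guard discussed in this review, together with the follow-up hbos asked for (raise an exception when !handler_), sketched as an added C++ example; it is not the Blink patch or any code from this review. DataChannelModel, Handler and the std::logic_error standing in for a JavaScript exception are assumptions; handler_, close and ContextDestroyed() are the names used in the thread.

```cpp
#include <memory>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for the platform handler that the channel owns.
struct Handler {
  int close_calls = 0;
  int send_calls = 0;
  void Close() { ++close_calls; }
  void Send(const std::string&) { ++send_calls; }
};

// Simplified model (an assumption, not Blink's RTCDataChannel): handler_ is
// released when the owning context is destroyed, but script can still hold
// the object and call its methods afterwards.
class DataChannelModel {
 public:
  DataChannelModel() : handler_(std::make_unique<Handler>()) {}
  void ContextDestroyed() { handler_.reset(); }

  // Guarded no-op: returns false instead of dereferencing a null handler_.
  bool close() {
    if (!handler_) return false;
    handler_->Close();
    return true;
  }

  // Guarded error: the exception stands in for a JavaScript exception.
  void send(const std::string& data) {
    if (!handler_) throw std::logic_error("InvalidStateError: no handler");
    handler_->Send(data);
  }

 private:
  std::unique_ptr<Handler> handler_;
};

// Exercises both guards after ContextDestroyed(); true means neither call
// touched the null handler_.
bool CallsAfterContextDestroyedAreSafe() {
  DataChannelModel channel;
  channel.send("before teardown");
  channel.ContextDestroyed();
  bool closed = channel.close();
  bool threw = false;
  try { channel.send("after teardown"); } catch (const std::logic_error&) { threw = true; }
  return !closed && threw;
}
```

Without the two `if (!handler_)` checks, both calls after ContextDestroyed() would dereference a null pointer, which is the crash class the description refers to.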