Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(37)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 376203002: Fixed use-after-free in LoadCallback in bookmark_storage.cc (Closed)

Created:
6 years, 5 months ago by Joao da Silva
Modified:
6 years, 5 months ago
CC:
chromium-reviews, tfarina, Cait (Slow)
Project:
chromium
Visibility:
Public.

Description

Fixed use-after-free in LoadCallback in bookmark_storage.cc Note: this is a reland of https://codereview.chromium.org/373153002/ after plugging a memory leak. BookmarkStorage isn't ref counted anymore since https://codereview.chromium.org/370323002, and the LoadCallback() task now gets a WeakPtr to the owning BookmarkStorage. However, it gets a raw pointer to the BookmarkLoadDetails object, which is still owned by BookmarkStorage and may have been destroyed when the background task runs. This happened on iOS tests after a recent merge. TBR=sky@chromium.org BUG=165760 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=282097

Patch Set 1 #

Patch Set 2 : fix circular reference #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+11 lines, -24 lines) Patch
M chrome/browser/bookmarks/chrome_bookmark_client.h View 1 2 chunks +0 lines, -2 lines 0 comments Download
M chrome/browser/bookmarks/chrome_bookmark_client.cc View 1 3 chunks +0 lines, -6 lines 1 comment Download
M components/bookmarks/browser/bookmark_storage.h View 2 chunks +1 line, -4 lines 0 comments Download
M components/bookmarks/browser/bookmark_storage.cc View 4 chunks +10 lines, -12 lines 0 comments Download

Messages

Total messages: 7 (0 generated)
Joao da Silva
Sigurõur, PTAL Cait, FYI https://codereview.chromium.org/376203002/diff/20001/chrome/browser/bookmarks/chrome_bookmark_client.cc File chrome/browser/bookmarks/chrome_bookmark_client.cc (left): https://codereview.chromium.org/376203002/diff/20001/chrome/browser/bookmarks/chrome_bookmark_client.cc#oldcode175 chrome/browser/bookmarks/chrome_bookmark_client.cc:175: ->GetBookmarkTaskRunner(), This is what caused ...
6 years, 5 months ago (2014-07-09 13:58:16 UTC) #1
Sigurður Ásgeirsson
lgtm - thanks for the quick re-fix!
6 years, 5 months ago (2014-07-09 14:02:39 UTC) #2
sky
LGTM
6 years, 5 months ago (2014-07-09 15:43:38 UTC) #3
Joao da Silva
The CQ bit was checked by joaodasilva@chromium.org
6 years, 5 months ago (2014-07-09 15:43:39 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/joaodasilva@chromium.org/376203002/20001
6 years, 5 months ago (2014-07-09 15:47:06 UTC) #5
commit-bot: I haz the power
FYI, CQ is re-trying this CL (attempt #1). The failing builders are: mac_chromium_rel on tryserver.chromium ...
6 years, 5 months ago (2014-07-09 16:57:03 UTC) #6
commit-bot: I haz the power
6 years, 5 months ago (2014-07-09 19:20:47 UTC) #7
Message was sent while issue was closed. 
Change committed as 282097

Powered by Google App Engine
This is Rietveld 408576698