Issue 383263002: Fix a use after free crasher in the BrowserAccessibilityManagerWinTest.TestAccessibleHWND test.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 383263002: Fix a use after free crasher in the BrowserAccessibilityManagerWinTest.TestAccessibleHWND test. (Closed)

Created:
6 years, 5 months ago by ananta

Modified:
6 years, 5 months ago

Reviewers:
dmazzoni

CC:
chromium-reviews, plundblad+watch_chromium.org, aboxhall+watch_chromium.org, jam, yuzo+watch_chromium.org, darin-cc_chromium.org, dmazzoni+watch_chromium.org, dtseng+watch_chromium.org

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Project:
chromium

Visibility:
Public.

More Reviews

Description

Fix a use after free crasher in the BrowserAccessibilityManagerWinTest.TestAccessibleHWND test. The crash occurs because a scoped_ptr instance which holds the TestLegacyRenderWidgetHostHWND class is left with a dangling pointer to the LegacyRenderWidgetHostHWND instance which is destroyed via DestroyWindow. Fix is to first reset the scoped_ptr which in turn destroys the legacy window and the instance. The DestroyWindow call is removed as it is not needed anymore. I also added a call to the CreateATLModuleIfNeeded helper function in BrowserAccessibility::Create as I was hitting a crash due to a NULL AtlModule. We do this already in the ctor of the BrowserAccessibilityManagerWin class. However that is too late as we have base classes which create COM objects. This crash only happens in the component builds. BUG=393228 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=282759

Patch Set 1 #

Created: 6 years, 5 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+6 lines, -2 lines)			Patch
	M	content/browser/accessibility/browser_accessibility_win.cc	View		2 chunks	+2 lines, -0 lines	0 comments	Download
	M	content/browser/accessibility/browser_accessibility_win_unittest.cc	View		1 chunk	+4 lines, -2 lines	0 comments	Download

Messages

Total messages: 5 (0 generated)

Expand Messages | Collapse Messages

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ananta@chromium.org/383263002/1

6 years, 5 months ago (2014-07-11 20:51:29 UTC) #4

Message was sent while issue was closed.

Change committed as 282759

Expand Messages | Collapse Messages