Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(116)

Issue 500143002: Fixes possible use after free in SessionService (Closed)

Created:
5 years, 1 month ago by sky
Modified:
5 years, 1 month ago
Reviewers:
marja
CC:
chromium-reviews, marja+watch_chromium.org
Project:
chromium
Visibility:
Public.

Description

Fixes possible use after free in SessionService SessionService::GetLastSession used a base::Unretained but there was no guarantee that the SessionService would be valid by the time the callback was processed. BUG=399655 TEST=covered by test now R=marja@chromium.org Committed: https://crrev.com/1a14f497bd17d41d0e0ffceb1fb23dea507b8eae Cr-Commit-Position: refs/heads/master@{#291985}

Patch Set 1 #

Patch Set 2 : tweak #

Total comments: 1

Patch Set 3 : remove friend #

Unified diffs Side-by-side diffs Delta from patch set Stats (+76 lines, -11 lines) Patch
M chrome/browser/sessions/base_session_service.h View 1 2 1 chunk +1 line, -1 line 0 comments Download
M chrome/browser/sessions/base_session_service.cc View 1 chunk +2 lines, -5 lines 0 comments Download
M chrome/browser/sessions/session_service.h View 2 chunks +3 lines, -0 lines 0 comments Download
M chrome/browser/sessions/session_service.cc View 3 chunks +5 lines, -3 lines 0 comments Download
M chrome/browser/sessions/session_service_test_helper.h View 3 chunks +8 lines, -0 lines 0 comments Download
M chrome/browser/sessions/session_service_test_helper.cc View 1 2 chunks +6 lines, -0 lines 0 comments Download
M chrome/browser/sessions/session_service_unittest.cc View 3 chunks +51 lines, -2 lines 0 comments Download

Messages

Total messages: 13 (0 generated)
sky
5 years, 1 month ago (2014-08-25 17:15:42 UTC) #1
marja
lgtm A question (to understand this better): a base::Unretained is just a raw pointer, whereas ...
5 years, 1 month ago (2014-08-26 14:48:09 UTC) #2
sky
On 2014/08/26 14:48:09, marja wrote: > lgtm > > A question (to understand this better): ...
5 years, 1 month ago (2014-08-26 17:07:33 UTC) #3
sky
The CQ bit was checked by sky@chromium.org
5 years, 1 month ago (2014-08-26 17:07:43 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/sky@chromium.org/500143002/40001
5 years, 1 month ago (2014-08-26 17:08:35 UTC) #5
commit-bot: I haz the power
FYI, CQ is re-trying this CL (attempt #1). The failing builders are: win_chromium_rel_swarming on tryserver.chromium.win ...
5 years, 1 month ago (2014-08-26 18:12:08 UTC) #6
commit-bot: I haz the power
The CQ bit was unchecked by commit-bot@chromium.org
5 years, 1 month ago (2014-08-26 19:48:21 UTC) #7
commit-bot: I haz the power
Try jobs failed on following builders: win_chromium_rel_swarming on tryserver.chromium.win (http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_swarming/builds/5820)
5 years, 1 month ago (2014-08-26 19:48:22 UTC) #8
sky
The CQ bit was checked by sky@chromium.org
5 years, 1 month ago (2014-08-26 20:14:54 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/sky@chromium.org/500143002/40001
5 years, 1 month ago (2014-08-26 20:16:10 UTC) #10
commit-bot: I haz the power
Committed patchset #3 (40001) as 10f17cea8bec78945740c83c85e6dd3002326d74
5 years, 1 month ago (2014-08-26 21:44:33 UTC) #11
marja
On 2014/08/26 17:07:33, sky wrote: > Search in base/bind_internal.h for weak_ptr. It only invoked the ...
5 years, 1 month ago (2014-08-27 07:11:21 UTC) #12
commit-bot: I haz the power
5 years, 1 month ago (2014-09-10 02:45:43 UTC) #13
Message was sent while issue was closed.
Patchset 3 (id:??) landed as
https://crrev.com/1a14f497bd17d41d0e0ffceb1fb23dea507b8eae
Cr-Commit-Position: refs/heads/master@{#291985}

Powered by Google App Engine
This is Rietveld 408576698