Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(11)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 535683002: Fix use-after-free in HDDDTC shutdown (Closed)

Created:
6 years, 3 months ago by Nicolas Zea
Modified:
6 years, 3 months ago
Reviewers:
maniscalco
CC:
chromium-reviews, tim+watch_chromium.org, haitaol+watch_chromium.org, zea+watch_chromium.org, maniscalco+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

Fix use-after-free in HDDDTC shutdown We were trying to unregister the HistoryDeleteDirective DTC at shutdown, but the DTC shutdown happens as part of the ProfileSyncService shutdown, and is destroyed after the observers_ object is destroyed. As such, there's no need to remove the observer. This patch also unreverts 6513171d7473b9eb60e1bf16369cf893daa33a07 Original codereview at https://codereview.chromium.org/534733002 BUG=409965 368834 Committed: https://crrev.com/40dbafab4cfef214d7a4bae22c8d698936ed6f5f Cr-Commit-Position: refs/heads/master@{#293824}

Patch Set 1 #

Total comments: 2

Patch Set 2 : Full diff #

Patch Set 3 : Change observer creation order #

Patch Set 4 : Make DTC only observer PSS events while type is running #

Patch Set 5 : Fix dcheck #

Patch Set 6 : Fix tests #

Unified diffs Side-by-side diffs Delta from patch set Stats (+435 lines, -209 lines) Patch
A chrome/browser/sync/glue/history_delete_directives_data_type_controller.h View 1 2 3 4 5 1 chunk +50 lines, -0 lines 0 comments Download
A chrome/browser/sync/glue/history_delete_directives_data_type_controller.cc View 1 2 3 4 5 1 chunk +69 lines, -0 lines 0 comments Download
M chrome/browser/sync/profile_sync_components_factory.h View 1 1 chunk +1 line, -2 lines 0 comments Download
M chrome/browser/sync/profile_sync_components_factory_impl.h View 1 1 chunk +1 line, -2 lines 0 comments Download
M chrome/browser/sync/profile_sync_components_factory_impl.cc View 1 5 chunks +9 lines, -11 lines 0 comments Download
M chrome/browser/sync/profile_sync_components_factory_mock.h View 1 1 chunk +2 lines, -4 lines 0 comments Download
M chrome/browser/sync/profile_sync_service.cc View 1 5 chunks +8 lines, -29 lines 0 comments Download
M chrome/browser/sync/profile_sync_service_autofill_unittest.cc View 1 2 chunks +2 lines, -3 lines 0 comments Download
M chrome/browser/sync/profile_sync_service_startup_unittest.cc View 1 9 chunks +11 lines, -13 lines 0 comments Download
M chrome/browser/sync/profile_sync_service_typed_url_unittest.cc View 1 1 chunk +1 line, -1 line 0 comments Download
M chrome/browser/sync/profile_sync_service_unittest.cc View 1 2 chunks +2 lines, -1 line 0 comments Download
M chrome/browser/sync/test/integration/sync_errors_test.cc View 1 2 chunks +27 lines, -6 lines 0 comments Download
M chrome/browser/sync/test_profile_sync_service.h View 1 1 chunk +1 line, -2 lines 0 comments Download
M chrome/chrome_browser.gypi View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M components/sync_driver/data_type_manager.h View 1 3 chunks +5 lines, -0 lines 0 comments Download
M components/sync_driver/data_type_manager_impl.h View 1 3 chunks +3 lines, -4 lines 0 comments Download
M components/sync_driver/data_type_manager_impl.cc View 1 12 chunks +27 lines, -22 lines 0 comments Download
M components/sync_driver/data_type_manager_impl_unittest.cc View 1 44 chunks +206 lines, -105 lines 0 comments Download
M components/sync_driver/data_type_manager_mock.h View 1 1 chunk +1 line, -0 lines 0 comments Download
M components/sync_driver/data_type_status_table.h View 1 1 chunk +1 line, -1 line 0 comments Download
M components/sync_driver/data_type_status_table.cc View 1 2 3 4 5 1 chunk +1 line, -0 lines 0 comments Download
M components/sync_driver/fake_data_type_controller.cc View 1 1 chunk +5 lines, -3 lines 0 comments Download

Messages

Total messages: 21 (7 generated)
Nicolas Zea
+Nick, PTAL. The first patchset contains the diff from the original patch.
6 years, 3 months ago (2014-09-02 22:50:03 UTC) #2
maniscalco
https://codereview.chromium.org/535683002/diff/1/chrome/browser/sync/glue/history_delete_directives_data_type_controller.cc File chrome/browser/sync/glue/history_delete_directives_data_type_controller.cc (right): https://codereview.chromium.org/535683002/diff/1/chrome/browser/sync/glue/history_delete_directives_data_type_controller.cc#newcode18 chrome/browser/sync/glue/history_delete_directives_data_type_controller.cc:18: ProfileSyncService* sync_service) So the problem was that sync_service_ was ...
6 years, 3 months ago (2014-09-02 23:26:23 UTC) #3
Nicolas Zea
PTAL https://codereview.chromium.org/535683002/diff/1/chrome/browser/sync/glue/history_delete_directives_data_type_controller.cc File chrome/browser/sync/glue/history_delete_directives_data_type_controller.cc (right): https://codereview.chromium.org/535683002/diff/1/chrome/browser/sync/glue/history_delete_directives_data_type_controller.cc#newcode18 chrome/browser/sync/glue/history_delete_directives_data_type_controller.cc:18: ProfileSyncService* sync_service) On 2014/09/02 23:26:23, maniscalco wrote: > ...
6 years, 3 months ago (2014-09-04 16:35:06 UTC) #4
Nicolas Zea
PTAL. LoadModels and StopModels are always called before the type is started and before the ...
6 years, 3 months ago (2014-09-05 00:08:45 UTC) #6
maniscalco
lgtm
6 years, 3 months ago (2014-09-05 15:51:24 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/zea@chromium.org/535683002/80001
6 years, 3 months ago (2014-09-05 17:05:16 UTC) #9
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_gn_rel on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_gn_rel/builds/12731)
6 years, 3 months ago (2014-09-05 17:21:55 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/zea@chromium.org/535683002/100001
6 years, 3 months ago (2014-09-05 17:44:40 UTC) #13
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_rel_swarming on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_swarming/builds/13485)
6 years, 3 months ago (2014-09-05 19:09:25 UTC) #15
Nicolas Zea
Could you take a look at the last patchset? Turns out the integration tests weren't ...
6 years, 3 months ago (2014-09-08 19:00:14 UTC) #16
maniscalco
lgtm
6 years, 3 months ago (2014-09-08 21:57:55 UTC) #17
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/zea@chromium.org/535683002/120001
6 years, 3 months ago (2014-09-08 23:39:53 UTC) #19
commit-bot: I haz the power
Committed patchset #6 (id:120001) as dcd1016a2f07bfc1c4e918ed883a4e787b88107d
6 years, 3 months ago (2014-09-09 00:55:37 UTC) #20
commit-bot: I haz the power
6 years, 3 months ago (2014-09-10 03:49:22 UTC) #21
Message was sent while issue was closed. 
Patchset 6 (id:??) landed as
https://crrev.com/40dbafab4cfef214d7a4bae22c8d698936ed6f5f
Cr-Commit-Position: refs/heads/master@{#293824}

Powered by Google App Engine
This is Rietveld 408576698