ui/views/widget/desktop_aura/x11_whole_screen_move_loop.cc - Issue 796253002: Fix use-after-free when browser is closed during a drop-drop on desktop Linux

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: ui/views/widget/desktop_aura/x11_whole_screen_move_loop.cc

Issue 796253002: Fix use-after-free when browser is closed during a drop-drop on desktop Linux (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 12 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: ui/views/widget/desktop_aura/x11_whole_screen_move_loop.cc

diff --git a/ui/views/widget/desktop_aura/x11_whole_screen_move_loop.cc b/ui/views/widget/desktop_aura/x11_whole_screen_move_loop.cc

index 8c20313bf87401e6513e9d30177b3adbb7699d3e..f55e99e20384607725f988d84ace0f3361b3bc94 100644

--- a/ui/views/widget/desktop_aura/x11_whole_screen_move_loop.cc

+++ b/ui/views/widget/desktop_aura/x11_whole_screen_move_loop.cc

@@ -50,9 +50,8 @@ X11WholeScreenMoveLoop::X11WholeScreenMoveLoop(X11MoveLoopDelegate* delegate)

X11WholeScreenMoveLoop::~X11WholeScreenMoveLoop() {}

void X11WholeScreenMoveLoop::DispatchMouseMovement() {

- if (!weak_factory_.HasWeakPtrs())

+ if (!last_motion_in_screen_)

return;

- weak_factory_.InvalidateWeakPtrs();

delegate_->OnMouseMovement(last_motion_in_screen_->location(),

last_motion_in_screen_->flags(),

last_motion_in_screen_->time_stamp());

@@ -75,12 +74,13 @@ uint32_t X11WholeScreenMoveLoop::DispatchEvent(const ui::PlatformEvent& event) {

ui::EventType type = ui::EventTypeFromNative(xev);

switch (type) {

case ui::ET_MOUSE_MOVED:

- case ui::ET_MOUSE_DRAGGED:

+ case ui::ET_MOUSE_DRAGGED: {

+ bool dispatch_mouse_event = !last_motion_in_screen_.get();

last_motion_in_screen_.reset(

static_cast<ui::MouseEvent*>(ui::EventFromNative(xev).release()));

last_motion_in_screen_->set_location(

ui::EventSystemLocationFromNative(xev));

- if (!weak_factory_.HasWeakPtrs()) {

+ if (dispatch_mouse_event) {

// Post a task to dispatch mouse movement event when control returns to

// the message loop. This allows smoother dragging since the events are

// dispatched without waiting for the drag widget updates.

@@ -90,6 +90,7 @@ uint32_t X11WholeScreenMoveLoop::DispatchEvent(const ui::PlatformEvent& event) {

weak_factory_.GetWeakPtr()));

}

return ui::POST_DISPATCH_NONE;

+ }

case ui::ET_MOUSE_RELEASED: {

int button = (xev->type == ButtonRelease)

? xev->xbutton.button

@@ -167,6 +168,8 @@ bool X11WholeScreenMoveLoop::RunMoveLoop(aura::Window* source,

should_reset_mouse_flags_ = true;

}

+ base::WeakPtr<X11WholeScreenMoveLoop> alive(weak_factory_.GetWeakPtr());

in_move_loop_ = true;

canceled_ = false;

base::MessageLoopForUI* loop = base::MessageLoopForUI::current();

@@ -174,6 +177,10 @@ bool X11WholeScreenMoveLoop::RunMoveLoop(aura::Window* source,

base::RunLoop run_loop;

quit_closure_ = run_loop.QuitClosure();

run_loop.Run();

+ if (!alive)

+ return false;

nested_dispatcher_ = old_dispatcher.Pass();

return !canceled_;

}

« no previous file with comments | « ui/views/widget/desktop_aura/desktop_drag_drop_client_aurax11.cc ('k') | no next file » | no next file with comments »