Chromium Code Reviews

Issue 989313002: [Fallback icons] Redoing http://crrev.com/988863002/, fixing use-after-free bug. (Closed)

Created:
5 years, 9 months ago by huangs
Modified:
5 years, 9 months ago
Reviewers:
James Hawkins
CC:
chromium-reviews, Bence, Nico
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

[Fallback icons] Redoing http://crrev.com/988863002/, fixing use-after-free bug.

http://crrev.com/988863002/ triggered use-after-free in ASAN because it passes ("#" + color_str).c_str() to FindColor() (which takes char*), then dereferences the returned pointer, which has been deallocated. This is a redo of the CL that fixes the problem.

BUG=455063

Committed: https://crrev.com/bf33cc08aa8b255e082d0b0a242950d45693435d
Cr-Commit-Position: refs/heads/master@{#319875}
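The lifetime problem the description names, as an added example that is not code from this CL: `FindColorStub`, `ParseColorDangling` and `ParseColorSafe` are hypothetical names, and the stub is a simplified six-digit parser assumed to return a pointer into its input buffer, as the description implies FindColor() does. The safe variant shows one way to avoid the dangling pointer, not necessarily the change that landed.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical, simplified stand-in for FindColor(): parses "#RRGGBB" and
// returns a pointer to the first unparsed character INSIDE the caller's
// buffer, or nullptr if the text is not a color.
static const char* FindColorStub(const char* s, uint32_t* out) {
  if (*s != '#') return nullptr;
  uint32_t v = 0;
  int n = 0;
  for (++s; n < 6 && std::isxdigit(static_cast<unsigned char>(*s)); ++s, ++n) {
    const int ch = std::tolower(static_cast<unsigned char>(*s));
    v = (v << 4) | static_cast<uint32_t>(ch <= '9' ? ch - '0' : ch - 'a' + 10);
  }
  if (n != 6) return nullptr;
  *out = 0xFF000000u | v;  // opaque alpha
  return s;
}

#ifdef DEMONSTRATE_UAF
// Bug shape from the description, compiled only with -DDEMONSTRATE_UAF.
// The temporary std::string built by "#" + color_str is destroyed at the end
// of the full expression, so `end` points into released storage and reading
// `*end` is a use-after-free.
bool ParseColorDangling(const std::string& color_str, uint32_t* color) {
  const char* end = FindColorStub(("#" + color_str).c_str(), color);
  return end && *end == '\0';
}
#endif

// Safe shape: a named string outlives every use of the returned pointer.
bool ParseColorSafe(const std::string& color_str, uint32_t* color) {
  const std::string with_hash = "#" + color_str;
  const char* end = FindColorStub(with_hash.c_str(), color);
  return end && *end == '\0';  // whole input must have been consumed
}

int main() {
  uint32_t color = 0;
  const bool ok = ParseColorSafe("e6ac00", &color);  // constructed sample input
  std::printf("ok=%d color=%08x\n", ok, static_cast<unsigned>(color));
  return ok ? 0 : 1;
}
```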

Patch Set 1 #

Total comments: 4

Patch Set 2 : Comment fix; IsHexColorString() length check change. #

Total comments: 2

Patch Set 3 : Comment fix, add const. #

Patch Set 4 : Fix compile error. #

Stats (+104 lines, -57 lines)
M chrome/browser/ui/webui/fallback_icon_source.h (1 chunk, +4 lines, -4 lines)
M chrome/common/favicon/fallback_icon_url_parser.h (1 chunk, +2 lines, -2 lines)
M chrome/common/favicon/fallback_icon_url_parser.cc (2 chunks, +50 lines, -3 lines)
M chrome/common/favicon/fallback_icon_url_parser_unittest.cc (11 chunks, +48 lines, -48 lines)

Messages

Total messages: 11 (3 generated)
huangs
Attempt to land this after rollback, PTAL. The only changes are in fallback_icon_url_parser.cc: bool ParsedFallbackIconPath::ParseColor(). ...
5 years, 9 months ago (2015-03-09 20:04:02 UTC) #2
James Hawkins
https://codereview.chromium.org/989313002/diff/1/chrome/common/favicon/fallback_icon_url_parser.cc File chrome/common/favicon/fallback_icon_url_parser.cc (right): https://codereview.chromium.org/989313002/diff/1/chrome/common/favicon/fallback_icon_url_parser.cc#newcode20 chrome/common/favicon/fallback_icon_url_parser.cc:20: if (len != 3 && len != 4 && ...
5 years, 9 months ago (2015-03-09 20:27:38 UTC) #3
huangs
Updated, PTAL. https://codereview.chromium.org/989313002/diff/1/chrome/common/favicon/fallback_icon_url_parser.cc File chrome/common/favicon/fallback_icon_url_parser.cc (right): https://codereview.chromium.org/989313002/diff/1/chrome/common/favicon/fallback_icon_url_parser.cc#newcode20 chrome/common/favicon/fallback_icon_url_parser.cc:20: if (len != 3 && len != ...
5 years, 9 months ago (2015-03-09 20:44:56 UTC) #4
James Hawkins
LGTM with nit. https://codereview.chromium.org/989313002/diff/20001/chrome/common/favicon/fallback_icon_url_parser.cc File chrome/common/favicon/fallback_icon_url_parser.cc (right): https://codereview.chromium.org/989313002/diff/20001/chrome/common/favicon/fallback_icon_url_parser.cc#newcode20 chrome/common/favicon/fallback_icon_url_parser.cc:20: size_t kValidHexColorSizes[] = {3, 4, 6, ...
5 years, 9 months ago (2015-03-09 21:06:48 UTC) #5
huangs
Thanks! I'll commit after more tests. https://codereview.chromium.org/989313002/diff/20001/chrome/common/favicon/fallback_icon_url_parser.cc File chrome/common/favicon/fallback_icon_url_parser.cc (right): https://codereview.chromium.org/989313002/diff/20001/chrome/common/favicon/fallback_icon_url_parser.cc#newcode20 chrome/common/favicon/fallback_icon_url_parser.cc:20: size_t kValidHexColorSizes[] = ...
5 years, 9 months ago (2015-03-09 21:11:54 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/989313002/60001
5 years, 9 months ago (2015-03-10 14:02:51 UTC) #9
commit-bot: I haz the power
Committed patchset #4 (id:60001)
5 years, 9 months ago (2015-03-10 14:05:49 UTC) #10
commit-bot: I haz the power
5 years, 9 months ago (2015-03-10 14:06:25 UTC) #11
Message was sent while issue was closed.
Patchset 4 (id:??) landed as
https://crrev.com/bf33cc08aa8b255e082d0b0a242950d45693435d
Cr-Commit-Position: refs/heads/master@{#319875}
