Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(585)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 13584005: Fix use-after-free of Profile after it's been destroyed. (Closed)

Created:
7 years, 8 months ago by dmazzoni
Modified:
7 years, 8 months ago
Reviewers:
Lei Zhang
CC:
chromium-reviews, hashimoto+watch_chromium.org, aboxhall+watch_chromium.org, tfarina, yoshiki+watch_chromium.org, yuzo+watch_chromium.org, davidbarr+watch_chromium.org, dmazzoni+watch_chromium.org, dtseng+watch_chromium.org, ctguil+watch_chromium.org, zork+watch_chromium.org
Visibility:
Public.

Description

Fix use-after-free of Profile after it's been destroyed. Make AccessibilityEventRouterViews listen for NOTIFICATION_PROFILE_DESTROYED so that it can clear its most_recent_profile_ variable. Also fix call to g_browser_process->profile_manager()->GetLastUsedProfile() because I observed that profile_manager can sometimes be NULL during startup. Warn if no valid profile is found, but this is non-fatal as long as it's just a transient condition during startup/shutdown. BUG=223276 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=192302

Patch Set 1 #

Total comments: 4

Patch Set 2 : Address feedback #

Unified diffs Side-by-side diffs Delta from patch set Stats (+33 lines, -4 lines) Patch
M chrome/browser/ui/views/accessibility/accessibility_event_router_views.h View 1 4 chunks +12 lines, -1 line 0 comments Download
M chrome/browser/ui/views/accessibility/accessibility_event_router_views.cc View 1 4 chunks +21 lines, -3 lines 0 comments Download

Messages

Total messages: 8 (0 generated)
dmazzoni
Thanks again, this turned out to be a real bug.
7 years, 8 months ago (2013-04-03 21:16:43 UTC) #1
Lei Zhang
lgtm with some nits. https://codereview.chromium.org/13584005/diff/1/chrome/browser/ui/views/accessibility/accessibility_event_router_views.cc File chrome/browser/ui/views/accessibility/accessibility_event_router_views.cc (right): https://codereview.chromium.org/13584005/diff/1/chrome/browser/ui/views/accessibility/accessibility_event_router_views.cc#newcode114 chrome/browser/ui/views/accessibility/accessibility_event_router_views.cc:114: if (type == chrome::NOTIFICATION_PROFILE_DESTROYED) { ...
7 years, 8 months ago (2013-04-03 21:56:49 UTC) #2
dmazzoni
https://codereview.chromium.org/13584005/diff/1/chrome/browser/ui/views/accessibility/accessibility_event_router_views.cc File chrome/browser/ui/views/accessibility/accessibility_event_router_views.cc (right): https://codereview.chromium.org/13584005/diff/1/chrome/browser/ui/views/accessibility/accessibility_event_router_views.cc#newcode114 chrome/browser/ui/views/accessibility/accessibility_event_router_views.cc:114: if (type == chrome::NOTIFICATION_PROFILE_DESTROYED) { On 2013/04/03 21:56:49, Lei ...
7 years, 8 months ago (2013-04-03 22:02:29 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/dmazzoni@chromium.org/13584005/2004
7 years, 8 months ago (2013-04-03 22:02:55 UTC) #4
Lei Zhang
lgtm++
7 years, 8 months ago (2013-04-03 22:08:38 UTC) #5
commit-bot: I haz the power
Sorry for I got bad news for ya. Compile failed with a clobber build on ...
7 years, 8 months ago (2013-04-03 22:46:09 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/dmazzoni@chromium.org/13584005/2004
7 years, 8 months ago (2013-04-03 22:53:33 UTC) #7
commit-bot: I haz the power
7 years, 8 months ago (2013-04-04 11:39:21 UTC) #8
Message was sent while issue was closed. 
Change committed as 192302

Powered by Google App Engine
This is Rietveld 408576698