ppapi/proxy/udp_socket_resource_base.cc - Issue 17247004: TCPSocket/UDPSocket: don't update internal state or access user buffers after Close().

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: ppapi/proxy/udp_socket_resource_base.cc

Issue 17247004: TCPSocket/UDPSocket: don't update internal state or access user buffers after Close(). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 7 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: ppapi/proxy/udp_socket_resource_base.cc

diff --git a/ppapi/proxy/udp_socket_resource_base.cc b/ppapi/proxy/udp_socket_resource_base.cc

index 30608779bc08bfe8bc893a3e74097c83afe43edd..2ef5790705a23d44cb3444635a4375c860bcc81b 100644

--- a/ppapi/proxy/udp_socket_resource_base.cc

+++ b/ppapi/proxy/udp_socket_resource_base.cc

@@ -212,6 +212,9 @@ void UDPSocketResourceBase::CloseImpl() {

PostAbortIfNecessary(&bind_callback_);

PostAbortIfNecessary(&recvfrom_callback_);

PostAbortIfNecessary(&sendto_callback_);

+ read_buffer_ = NULL;

+ bytes_to_read_ = -1;

}

void UDPSocketResourceBase::PostAbortIfNecessary(

@@ -230,10 +233,13 @@ void UDPSocketResourceBase::OnPluginMsgSetOptionReply(

void UDPSocketResourceBase::OnPluginMsgBindReply(

const ResourceMessageReplyParams& params,

const PP_NetAddress_Private& bound_addr) {

- if (!TrackedCallback::IsPending(bind_callback_)) {

- NOTREACHED();

+ // It is possible that |bind_callback_| is pending while |closed_| is true:

+ // CloseImpl() has been called, but a BindReply came earlier than the task to

+ // in that case.

+ if (!TrackedCallback::IsPending(bind_callback_) || closed_)

return;

- }

if (params.result() == PP_OK)

bound_ = true;

bound_addr_ = bound_addr;

@@ -245,10 +251,13 @@ void UDPSocketResourceBase::OnPluginMsgRecvFromReply(

const ResourceMessageReplyParams& params,

const std::string& data,

const PP_NetAddress_Private& addr) {

- if (!TrackedCallback::IsPending(recvfrom_callback_)) {

- NOTREACHED();

+ // It is possible that |recvfrom_callback_| is pending while |read_buffer_| is

+ // NULL: CloseImpl() has been called, but a RecvFromReply came earlier than

+ // the task to abort |recvfrom_callback_|. We shouldn't access the buffer in

+ // that case. The user may have released it.

+ if (!TrackedCallback::IsPending(recvfrom_callback_) || !read_buffer_)

return;

- }

int32_t result = params.result();

if (result == PP_OK && output_addr) {

thunk::EnterResourceCreationNoLock enter(pp_instance());

@@ -279,10 +288,9 @@ void UDPSocketResourceBase::OnPluginMsgRecvFromReply(

void UDPSocketResourceBase::OnPluginMsgSendToReply(

const ResourceMessageReplyParams& params,

int32_t bytes_written) {

- if (!TrackedCallback::IsPending(sendto_callback_)) {

- NOTREACHED();

+ if (!TrackedCallback::IsPending(sendto_callback_))

return;

- }

if (params.result() == PP_OK)

sendto_callback_->Run(bytes_written);

else

« no previous file with comments | « no previous file | ppapi/shared_impl/tcp_socket_shared.cc » ('j') | no next file with comments »