Google Git
Sign in
chromium / chromium / src / 13337a12d7e73fabcd9ea993b56b16df7b6bfae1
commit13337a12d7e73fabcd9ea993b56b16df7b6bfae1[log] [tgz]
authorJoel Klinghed <the_jk@opera.com>Fri May 03 20:36:23 2019
committerCommit Bot <commit-bot@chromium.org>Fri May 03 20:36:23 2019
treed4ba65bc89ed3be189f04899815d176e0e8f18b6
parent5627cd881e969b32e7fe79b629dabcea5fa6c7f2 [diff]
Avoid calling a removed observer in PersonalDataManager

PersonalDataManager::NotifyPersonalDataObserver will call
OnPersonalDataChanged and often OnPersonalDataFinishedProfileTasks
on PersonalDataManagerObserver.

Trouble is that it does this in the same ObserverList loop.

So if PersonalDataManagerObserver implementation of OnPersonalDataChanged
calls PersonalDataManager::RemoveObserver(this) then it will still
be called on OnPersonalDataFinishedProfileTasks.

Worse, if PersonalDataManagerObserver deleted itself after removing
itself as an observer you now have a use-after-free calling a virtual
method on a destroyed object.

There are not currently any PersonalDataManagerObserver implementations
that I can find that has this problem.

Bug: 959172
Change-Id: I2bb0a625f5c3a847c5d035ccc57b5fdb349366b8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1594529
Commit-Queue: Joel Klinghed <the_jk@opera.com>
Reviewed-by: Parastoo Geranmayeh <parastoog@google.com>
Cr-Commit-Position: refs/heads/master@{#656489}
2 files changed
tree: d4ba65bc89ed3be189f04899815d176e0e8f18b6
  1. .clang-format
  2. .eslintrc.js
  3. .git-blame-ignore-revs
  4. .gitattributes
  5. .gitignore
  6. .gn
  7. .vpython
  8. AUTHORS
  9. BUILD.gn
  10. CODE_OF_CONDUCT.md
  11. DEPS
  12. ENG_REVIEW_OWNERS
  13. LICENSE
  14. LICENSE.chromium_os
  15. OWNERS
  16. PRESUBMIT.py
  17. PRESUBMIT_test.py
  18. PRESUBMIT_test_mocks.py
  19. README.md
  20. WATCHLISTS
  21. android_webview/
  22. apps/
  23. ash/
  24. base/
  25. build/
  26. build_overrides/
  27. buildtools/
  28. cc/
  29. chrome/
  30. chrome_elf/
  31. chromecast/
  32. chromeos/
  33. cloud_print/
  34. codereview.settings
  35. components/
  36. content/
  37. courgette/
  38. crypto/
  39. dbus/
  40. device/
  41. docs/
  42. extensions/
  43. fuchsia/
  44. gin/
  45. google_apis/
  46. google_update/
  47. gpu/
  48. headless/
  49. infra/
  50. ios/
  51. ipc/
  52. jingle/
  53. media/
  54. mojo/
  55. native_client_sdk/
  56. net/
  57. pdf/
  58. ppapi/
  59. printing/
  60. remoting/
  61. rlz/
  62. sandbox/
  63. services/
  64. skia/
  65. sql/
  66. storage/
  67. styleguide/
  68. testing/
  69. third_party/
  70. tools/
  71. ui/
  72. url/
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .