Google Git
Sign in
chromium / chromium / src.git / e85c8c90b6bb6f01149cfa603c5472a082f2719a
commite85c8c90b6bb6f01149cfa603c5472a082f2719a[log] [tgz]
authorHongchan Choi <[email protected]>Mon Jul 15 17:32:24 2019
committerHongchan Choi <[email protected]>Mon Jul 15 17:32:24 2019
treead6081e0c7523a08b1a214f03b33289d56ecf824
parent4d557a3e9e87627a202f35630b142e05d48d77c1 [diff]
Avoid accessing context's fields after destruction

AudioHandler::Context() returns an untraced raw pointer to the
context so checking its value might be pointing some non-null
garbage after the context is gone. In that case, invoking
GetExecutionContext() might return a pointer to some random
memory space.

By checking a local flag on ExecutionContext's validity,
we can avoid such memory access.

(cherry picked from commit 2e0071db3e8af7c47a9962353913ffd7b7436e13)

Bug: 977107
Test: ASAN build does not crash on a repro code with the fix.
Change-Id: I19020e019cc3d9d52de3bebbe23129e7dd7b0a5e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1693163
Reviewed-by: Kentaro Hara <[email protected]>
Commit-Queue: Hongchan Choi <[email protected]>
Cr-Original-Commit-Position: refs/heads/master@{#676431}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1701610
Reviewed-by: Hongchan Choi <[email protected]>
Cr-Commit-Position: refs/branch-heads/3809@{#843}
Cr-Branched-From: d82dec1a818f378c464ba307ddd9c92133eac355-refs/heads/master@{#665002}
1 file changed
tree: ad6081e0c7523a08b1a214f03b33289d56ecf824
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. .clang-format
  52. .eslintrc.js
  53. .git-blame-ignore-revs
  54. .gitattributes
  55. .gitignore
  56. .gn
  57. .vpython
  58. AUTHORS
  59. BUILD.gn
  60. CODE_OF_CONDUCT.md
  61. codereview.settings
  62. DEPS
  63. ENG_REVIEW_OWNERS
  64. LICENSE
  65. LICENSE.chromium_os
  66. OWNERS
  67. PRESUBMIT.py
  68. PRESUBMIT_test.py
  69. PRESUBMIT_test_mocks.py
  70. README.md
  71. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .