| commit | 370bd9b522d2ccd4a3113d6c93d30cdf8ca502ef | |
| author | gavinp@chromium.org <gavinp@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | |
| Wed, 29 May 2013 08:26:06 +0000 (29 08:26 +0000) | ||
| committer | gavinp@chromium.org <gavinp@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | |
| Wed, 29 May 2013 08:26:06 +0000 (29 08:26 +0000) | ||
| tree | ba198b7f702eb3921adb1911feb69fb5ee271b80 | treesnapshot (tar.gz zip) |
| parent | 02a0911dfa3567e3597492b41c94dc7d48fb209c | commitdiff |
Protect WebURLLoaderImpl::Context while receiving responses.
A client's didReceiveResponse can cancel a request; by protecting the
Context we avoid a use after free in this case.
Interestingly, we really had very good warning about this problem, see
https://codereview.chromium.org/11900002/ back in January.
R=darin
BUG=241139
Review URL: https://chromiumcodereview.appspot.com/15738007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@202821 0039d316-1c4b-4281-b951-d872f2087c98
A client's didReceiveResponse can cancel a request; by protecting the
Context we avoid a use after free in this case.
Interestingly, we really had very good warning about this problem, see
https://codereview.chromium.org/11900002/ back in January.
R=darin
BUG=241139
Review URL: https://chromiumcodereview.appspot.com/15738007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@202821 0039d316-1c4b-4281-b951-d872f2087c98
| content/browser/webkit_browsertest.cc | diffblobblamehistory | |
| content/test/data/error-body-no-crash.html | [new file with mode: 0644] | blob |
| webkit/glue/weburlloader_impl.cc | diffblobblamehistory |