search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 1dfc595) | patch
Fix a null-pointer dereference in ChromeOS Bluetooth code.
commit847466627013483020c6683c303752b6fab97b97
authorisherman <isherman@chromium.org>
Wed, 11 Mar 2015 20:36:06 +0000 (11 13:36 -0700)
committerCommit bot <commit-bot@chromium.org>
Wed, 11 Mar 2015 20:37:00 +0000 (11 20:37 +0000)
tree1b410fc5dc0361be2f6e1e901dc8e017f428c52btree | snapshot (tar.gz zip)
parent1dfc595ffc753b6b1c99cca58e676e8b3e1bf6d8commit | diff
Fix a null-pointer dereference in ChromeOS Bluetooth code.

The code had undefined behavior, depending on what order the compiler chose to evaluate the arguments in.  Specifically, the call to RegisterProfile() required evaluation of two arguments: |profile->object_path()| and |base::Bind(success_callback, base::Passed(&profile))|.  If the latter was evaluated first, then |profile| would be null by the time that the prior was evaluated.

The crash stack is:

Program received signal SIGSEGV, Segmentation fault.
std::string::compare() const ()
StartsWithASCII()
dbus::IsValidObjectPath()
dbus::MessageWriter::AppendObjectPath()
chromeos::BluetoothProfileManagerClientImpl::RegisterProfile()
chromeos::BluetoothAdapterProfileChromeOS::Register()
chromeos::BluetoothAdapterChromeOS::UseProfile()
chromeos::BluetoothSocketChromeOS::RegisterProfile()

BUG=457978
TEST=(see bug, comment #14)
R=armansito@chromium.org, jamuraa@chromium.org

Review URL: https://codereview.chromium.org/997023002

Cr-Commit-Position: refs/heads/master@{#320139}
device/bluetooth/bluetooth_adapter_profile_chromeos.cc diff | blob | blame | history