Commit
[fuchsia] Fix a use-after-free in WebEngineURLLoaderThrottle
It was assumed that all WebEngineURLLoaderThrottles would be destroyed before their corresponding RenderFrame was destroyed. This assumption is incorrect, resulting in a potential use-after-free when attempting to access a UrlRequestRulesReceiver. This object has its lifespan bound to a RenderFrameObserver and can be destroyed before all of the WebEngineURLLoaderThrottles that use it have been destroyed.

This CL fixes the issue by passing the UrlRequestRewriteRules directly to the WebEngineURLLoaderThrottle constructor. As a result, URL requests in-flight while a user updates the rewrite rules will use the older version of the rewrite rules. We deem this change in behavior to be acceptable since such an occurrence is bound to be rare and the delay between a WebEngineURLLoaderThrottle creation and its actual use is bound to be short.

This CL also modifies the logic a bit to skip creation of the throttle if there are no rewrite rules to apply at the time of the network request creation.

Since the rules provider should now be accessed from the same thread in both the renderer and the browser process, the locks around accessing the rules have been removed. Instead, each throttle keeps a reference to a thread-safe ref-counted set of rules.

Since this fix is still speculative, the extra logs for debugging this issue are left in place in this CL, until we get data confirming the crashes are no longer occurring.

(cherry picked from commit 4c38547)

Bug: 1181062
Change-Id: I580664f9ed2fdf9874e36b1cbc508c2301ef36e5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2812464
Commit-Queue: Fabrice de Gans-Riberi <fdegans@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Reviewed-by: Kevin Marshall <kmarshall@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#870653}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2815225
Reviewed-by: Fabrice de Gans-Riberi <fdegans@chromium.org>
Commit-Queue: Srinivas Sista <srinivassista@chromium.org>
Cr-Commit-Position: refs/branch-heads/4471@{#2}
Cr-Branched-From: f5ba97e-refs/heads/master@{#870382}
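An added example (not code from this commit or from Chromium) of the ownership pattern the commit message describes: the throttle takes a counted reference to an immutable rules snapshot at construction, so it never dereferences the frame-bound receiver afterwards. `std::shared_ptr` stands in for a thread-safe ref-counted pointer, and all class names, function names and sample hosts are hypothetical.

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Immutable rules snapshot (stand-in for the rewrite rules), shared by refcount.
struct Rules {
  std::vector<std::pair<std::string, std::string>> host_rewrites;
};
using RulesRef = std::shared_ptr<const Rules>;
// Stand-in for the receiver whose lifetime is bound to the frame.
class RulesReceiver {
 public:
  void OnRulesUpdated(Rules rules) {
    // Publish a new snapshot; holders of the previous one keep it alive.
    current_ = std::make_shared<Rules>(std::move(rules));
  }
  const RulesRef& current() const { return current_; }
 private:
  RulesRef current_;
};

// Stand-in for the throttle: holds the rules, never a pointer to the receiver.
class Throttle {
 public:
  explicit Throttle(RulesRef rules) : rules_(std::move(rules)) {}
  std::string RewriteHost(const std::string& host) const {
    for (const auto& r : rules_->host_rewrites)
      if (host == r.first) return r.second;
    return host;
  }
 private:
  RulesRef rules_;
};

// No throttle is created when there are no rules at request-creation time.
std::unique_ptr<Throttle> MaybeCreateThrottle(const RulesReceiver& receiver) {
  const RulesRef& rules = receiver.current();
  if (!rules || rules->host_rewrites.empty()) return nullptr;
  return std::make_unique<Throttle>(rules);
}

// Constructed scenario: rules change, then the receiver dies, throttle in flight.
std::string InFlightResultAfterReceiverGone() {
  auto receiver = std::make_unique<RulesReceiver>();
  receiver->OnRulesUpdated(Rules{{{"a.example", "old.example"}}});
  auto throttle = MaybeCreateThrottle(*receiver);
  receiver->OnRulesUpdated(Rules{{{"a.example", "new.example"}}});
  receiver.reset();  // frame-bound owner is destroyed first
  return throttle->RewriteHost("a.example");  // valid: uses the older snapshot
}
```

The in-flight throttle resolves against the snapshot it was built with, which is the behavior change the message accepts in exchange for removing the dangling access.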
Showing 9 changed files with 67 additions and 122 deletions.