diff options
| author | mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-12 08:08:01 +0000 |
|---|---|---|
| committer | mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-12 08:08:01 +0000 |
| commit | 1805ab38079bcc3eb907233d313dd1c3330c824a (patch) | |
| tree | 4c2a842ccbc9c2001eeafacb4bb4d3f411d270fc | |
| parent | 82478fddbc14681442d09301dc4e9adf947d9468 (diff) | |
| download | chromium_src-1805ab38079bcc3eb907233d313dd1c3330c824a.zip chromium_src-1805ab38079bcc3eb907233d313dd1c3330c824a.tar.gz chromium_src-1805ab38079bcc3eb907233d313dd1c3330c824a.tar.bz2 | |
Merge 216477 "Fix crash in Kiosk Apps identity API with robot ac..."
> Fix crash in Kiosk Apps identity API with robot accounts.
>
> The current code would pass parameters to OnGetTokenSuccess() and
> OnGetTokenFailure() that were part of the request object. Things crashed
> if consuming code would delete the request and then still access the
> parameters later in the callback.
>
> BUG=chromium:269549
> TEST=Enterprise-managed Kiosk Apps don't crash on requesting access tokens.
> R=atwilson@chromium.org
>
> Review URL: https://chromiumcodereview.appspot.com/22575004
TBR=mnissler@chromium.org
Review URL: https://codereview.chromium.org/22788002
git-svn-id: svn://svn.chromium.org/chrome/branches/1547/src@216959 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/browser/chromeos/settings/device_oauth2_token_service.cc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/chrome/browser/chromeos/settings/device_oauth2_token_service.cc b/chrome/browser/chromeos/settings/device_oauth2_token_service.cc index 1a6c81d..f7b1a59 100644 --- a/chrome/browser/chromeos/settings/device_oauth2_token_service.cc +++ b/chrome/browser/chromeos/settings/device_oauth2_token_service.cc @@ -193,13 +193,18 @@ void DeviceOAuth2TokenService::ValidatingConsumer::InformConsumer() { token_service_->OnValidationComplete(token_is_valid_); // Note: this object (which is also the Request instance) may be deleted in // these consumer callbacks, so the callbacks must be the last line executed. + // Also, make copies of the parameters passed to the consumer to avoid invalid + // memory accesses when the consumer deletes |this| immediately. if (!token_is_valid_) { consumer_->OnGetTokenFailure(this, GoogleServiceAuthError( GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS)); } else if (error_) { - consumer_->OnGetTokenFailure(this, *error_.get()); + GoogleServiceAuthError error_copy = *error_; + consumer_->OnGetTokenFailure(this, error_copy); } else { - consumer_->OnGetTokenSuccess(this, access_token_, expiration_time_); + std::string access_token_copy = access_token_; + base::Time expiration_time_copy = expiration_time_; + consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); } } |