author | dhollowa@chromium.org <dhollowa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-29 22:18:48 +0000 |
---|---|---|
committer | dhollowa@chromium.org <dhollowa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-29 22:18:48 +0000 |
commit | 9503ca35d3f9ecd86f4766baf4ad9216fef70527 (patch) | |
tree | aa63670ef4778ca470139b066a98dcaf14218949 /chrome/renderer/user_script_idle_scheduler.h | |
parent | ac8d3cddcd7edecf01b2b9d3f4e4b34160f7fc44 (diff) | |
Render crash in FormManager::FindCachedFormElement()
To address the vulnerability of stale WebFrame pointers in the FormManager's cache, this CL changes the cache from a map (with the WebFrame pointer as "key") to a flat vector of simplified "FormElement*" items.
To avoid leaking memory, we need to still observe |frameDetached|, and use that as a signal to reap any associated WebFormElements or WebFormControlElements.
BUG=48857
TEST=FormMananagerTest.*, and manual test of regular form filling, form filling a form with sub-iframes, and form filling a form with sub-frames.
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=60949
Review URL: http://codereview.chromium.org/3492015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60999 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer/user_script_idle_scheduler.h')
0 files changed, 0 insertions, 0 deletions