diff options
| author | tommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-14 20:31:55 +0000 |
|---|---|---|
| committer | tommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-14 20:31:55 +0000 |
| commit | 77d7aeebd314325c40d602bdaffe9342e3f4e29e (patch) | |
| tree | 803526d79f6418adc12b6a9cf3fc66bf02bd9907 /chrome_frame/urlmon_bind_status_callback.h | |
| parent | 29d6f5f2b19477cfef438f3e4a6ba762da6c7f25 (diff) | |
| download | chromium_src-77d7aeebd314325c40d602bdaffe9342e3f4e29e.zip chromium_src-77d7aeebd314325c40d602bdaffe9342e3f4e29e.tar.gz chromium_src-77d7aeebd314325c40d602bdaffe9342e3f4e29e.tar.bz2 | |
Candidate fix for bug 44108. The FromBindContext function was inherently racy as it returned a pointer to a non-addrefed pointer and the AddRef/Release implementation in the BindContextInfo was not thread safe.
Also fixed BSCBStorageBind object leak.
TEST=See bug description
BUG=44108
Review URL: http://codereview.chromium.org/2080005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47306 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/urlmon_bind_status_callback.h')
| -rw-r--r-- | chrome_frame/urlmon_bind_status_callback.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/chrome_frame/urlmon_bind_status_callback.h b/chrome_frame/urlmon_bind_status_callback.h index ef73cb8..98b258a 100644 --- a/chrome_frame/urlmon_bind_status_callback.h +++ b/chrome_frame/urlmon_bind_status_callback.h @@ -131,7 +131,7 @@ END_COM_MAP() int len = lstrlenW(status_text) + 1; status_text_.reset(new wchar_t[len]); if (status_text_.get()) { - lstrcpyW(status_text_.get(), status_text); + lstrcpynW(status_text_.get(), status_text, len); } else { NOTREACHED(); } @@ -167,7 +167,8 @@ END_COM_MAP() scoped_ptr<wchar_t> status_text_; }; - std::vector<Progress*> saved_progress_; + typedef std::vector<Progress*> ProgressVector; + ProgressVector saved_progress_; CLIPFORMAT clip_format_; private: |