diff options
| author | sammc <sammc@chromium.org> | 2014-09-08 00:11:19 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2014-09-08 07:17:50 +0000 |
| commit | f4c09a1101b323c71862728bc86e882d67c1404b (patch) | |
| tree | 3bc210ccc3960a903b179762b2f1cdb200b864b8 /device | |
| parent | 72fb7984fa9d6bf0b75560a2b04eca1c431e2685 (diff) | |
| download | chromium_src-f4c09a1101b323c71862728bc86e882d67c1404b.zip chromium_src-f4c09a1101b323c71862728bc86e882d67c1404b.tar.gz chromium_src-f4c09a1101b323c71862728bc86e882d67c1404b.tar.bz2 | |
Fix a crash in SerialIoHandler.
When a receive error occurs, the SerialConnection pauses receives, which
triggers a call to CancelRead(). This should be a no-op as this occurs
after the previous read completed with an error, but
pending_read_buffer_ isn't cleared until after the error is reported to
SerialConnection. Thus, on posix, a call to ReadDone is enqueued, but
the pending read is cleared before it runs, leading to a crash. This
change clears pending_read_buffer_ and pending_write_buffer_ before
calling Done() or DoneWithError().
BUG=410331
Review URL: https://codereview.chromium.org/551713002
Cr-Commit-Position: refs/heads/master@{#293684}
Diffstat (limited to 'device')
| -rw-r--r-- | device/serial/serial_io_handler.cc | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/device/serial/serial_io_handler.cc b/device/serial/serial_io_handler.cc index 816e139..341df29 100644 --- a/device/serial/serial_io_handler.cc +++ b/device/serial/serial_io_handler.cc @@ -114,12 +114,12 @@ void SerialIoHandler::ReadCompleted(int bytes_read, serial::ReceiveError error) { DCHECK(CalledOnValidThread()); DCHECK(IsReadPending()); + scoped_ptr<WritableBuffer> pending_read_buffer = pending_read_buffer_.Pass(); if (error == serial::RECEIVE_ERROR_NONE) { - pending_read_buffer_->Done(bytes_read); + pending_read_buffer->Done(bytes_read); } else { - pending_read_buffer_->DoneWithError(bytes_read, error); + pending_read_buffer->DoneWithError(bytes_read, error); } - pending_read_buffer_.reset(); Release(); } @@ -127,12 +127,13 @@ void SerialIoHandler::WriteCompleted(int bytes_written, serial::SendError error) { DCHECK(CalledOnValidThread()); DCHECK(IsWritePending()); + scoped_ptr<ReadOnlyBuffer> pending_write_buffer = + pending_write_buffer_.Pass(); if (error == serial::SEND_ERROR_NONE) { - pending_write_buffer_->Done(bytes_written); + pending_write_buffer->Done(bytes_written); } else { - pending_write_buffer_->DoneWithError(bytes_written, error); + pending_write_buffer->DoneWithError(bytes_written, error); } - pending_write_buffer_.reset(); Release(); } |