diff options
| author | shess@chromium.org <shess@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-17 02:15:09 +0000 |
|---|---|---|
| committer | shess@chromium.org <shess@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-17 02:15:09 +0000 |
| commit | 85fc27b00e4667b4286e2100f8c9c8466275827b (patch) | |
| tree | 59fef43584106d9e9679e8391ef065419321eefa /sql/statement.cc | |
| parent | 7ed49c23b6a29b533e3e3550c818f45ef5afe32e (diff) | |
| download | chromium_src-85fc27b00e4667b4286e2100f8c9c8466275827b.zip chromium_src-85fc27b00e4667b4286e2100f8c9c8466275827b.tar.gz chromium_src-85fc27b00e4667b4286e2100f8c9c8466275827b.tar.bz2 | |
Clear statement before closing db in cookie code.
sql::Statement maintains a weak ref to the associated sql::Connection,
meaning that if the database and statement are destructed in the wrong
order, a use-after-free can result. sql::Statement::Clear() allows
resetting the statement to the default-constructed state.
BUG=111376
TEST=fewer crashes.
Review URL: http://codereview.chromium.org/9418021
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@122430 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sql/statement.cc')
| -rw-r--r-- | sql/statement.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sql/statement.cc b/sql/statement.cc index 7bc6adf..626c15b 100644 --- a/sql/statement.cc +++ b/sql/statement.cc @@ -36,6 +36,11 @@ void Statement::Assign(scoped_refptr<Connection::StatementRef> ref) { ref_ = ref; } +void Statement::Clear() { + Assign(new Connection::StatementRef); + succeeded_ = false; +} + bool Statement::CheckValid() const { if (!is_valid()) DLOG(FATAL) << "Cannot call mutating statements on an invalid statement."; |