diff options
author | shess@chromium.org <shess@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-17 02:15:09 +0000 |
---|---|---|
committer | shess@chromium.org <shess@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-17 02:15:09 +0000 |
commit | 85fc27b00e4667b4286e2100f8c9c8466275827b (patch) | |
tree | 59fef43584106d9e9679e8391ef065419321eefa /sql | |
parent | 7ed49c23b6a29b533e3e3550c818f45ef5afe32e (diff) | |
download | chromium_src-85fc27b00e4667b4286e2100f8c9c8466275827b.zip chromium_src-85fc27b00e4667b4286e2100f8c9c8466275827b.tar.gz chromium_src-85fc27b00e4667b4286e2100f8c9c8466275827b.tar.bz2 |
Clear statement before closing db in cookie code.
sql::Statement maintains a weak ref to the associated sql::Connection,
meaning that if the database and statement are destructed in the wrong
order, a use-after-free can result. sql::Statement::Clear() allows
resetting the statement to the default-constructed state.
BUG=111376
TEST=fewer crashes.
Review URL: http://codereview.chromium.org/9418021
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@122430 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sql')
-rw-r--r-- | sql/statement.cc | 5 | ||||
-rw-r--r-- | sql/statement.h | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/sql/statement.cc b/sql/statement.cc index 7bc6adf..626c15b 100644 --- a/sql/statement.cc +++ b/sql/statement.cc @@ -36,6 +36,11 @@ void Statement::Assign(scoped_refptr<Connection::StatementRef> ref) { ref_ = ref; } +void Statement::Clear() { + Assign(new Connection::StatementRef); + succeeded_ = false; +} + bool Statement::CheckValid() const { if (!is_valid()) DLOG(FATAL) << "Cannot call mutating statements on an invalid statement."; diff --git a/sql/statement.h b/sql/statement.h index fb70cf1..5b4ff92 100644 --- a/sql/statement.h +++ b/sql/statement.h @@ -55,6 +55,10 @@ class SQL_EXPORT Statement { // be valid. Use is_valid() to check if it's OK. void Assign(scoped_refptr<Connection::StatementRef> ref); + // Resets the statement to an uninitialized state corrosponding to + // the default constructor, releasing the StatementRef. + void Clear(); + // Returns true if the statement can be executed. All functions can still // be used if the statement is invalid, but they will return failure or some // default value. This is because the statement can become invalid in the |