From 3e076bf848daaa9c4a22bff569e25e6292029f60 Mon Sep 17 00:00:00 2001
From: "phajdan.jr@chromium.org"
Date: Sat, 26 Jun 2010 08:01:09 +0000
Subject: Fix a renderer crash while processing FTP directory listing. The problem was caused by a broken assumption about current_parser_. After adding OnEndOfInput to FtpDirectoryListingParser interface, it was possible that during processing of input we ended up with just one parser, which returned error when OnEndOfInput was called. In that case, we should just reset current_parser_ to NULL to avoid a use-after-free error. TEST=net_unittests BUG=47528 Review URL: http://codereview.chromium.org/2846037 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50930 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/ftp/ftp_directory_listing_buffer.cc | 2 +-
 net/ftp/ftp_directory_listing_buffer_unittest.cc | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 (limited to 'net/ftp')
diff --git a/net/ftp/ftp_directory_listing_buffer.cc b/net/ftp/ftp_directory_listing_buffer.cc
index 41daeb4..8399f13 100644
--- a/net/ftp/ftp_directory_listing_buffer.cc
+++ b/net/ftp/ftp_directory_listing_buffer.cc
@@ -149,7 +149,7 @@ int FtpDirectoryListingBuffer::OnEndOfInput() {
 }
 if (parsers_.size() != 1) {
- DCHECK(!current_parser_);
+ current_parser_ = NULL;
 // We may hit an ambiguity in case of listings which have no entries. That's
 // fine, as long as all remaining parsers agree that the listing is empty.
diff --git a/net/ftp/ftp_directory_listing_buffer_unittest.cc b/net/ftp/ftp_directory_listing_buffer_unittest.cc
index d9708d5..c3c55d0 100644
--- a/net/ftp/ftp_directory_listing_buffer_unittest.cc
+++ b/net/ftp/ftp_directory_listing_buffer_unittest.cc
@@ -35,6 +35,7 @@ TEST(FtpDirectoryListingBufferTest, Parse) {
 "dir-listing-ls-14",
 "dir-listing-ls-15",
 "dir-listing-ls-16",
+ "dir-listing-ls-17",
 "dir-listing-mlsd-1",
 "dir-listing-mlsd-2",
 "dir-listing-netware-1",
-- cgit v1.1
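Review bot: The added `current_parser_ = NULL;` in `FtpDirectoryListingBuffer::OnEndOfInput()` (net/ftp/ftp_directory_listing_buffer.cc) clears the stale pointer only on this one path, and nothing at the line says why the reset is needed. Per the commit message, the pointer can still refer to a parser that was dropped after returning an error from OnEndOfInput. The code that drops parsers is outside the hunk, so presumably the dangling value lives between that removal and this line. Clearing `current_parser_` where the parser is removed would keep the invariant next to the deletion and protect any other reader of the member, which matters because the listing content comes from the remote FTP server. If that is not practical, add a comment here such as `// The parser current_parser_ pointed at may have been deleted above after failing OnEndOfInput; drop the stale pointer.` The function body starts and ends outside the hunk.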