From 85fc27b00e4667b4286e2100f8c9c8466275827b Mon Sep 17 00:00:00 2001
From: "shess@chromium.org"
Date: Fri, 17 Feb 2012 02:15:09 +0000
Subject: Clear statement before closing db in cookie code.

sql::Statement maintains a weak ref to the associated sql::Connection, meaning that if the database and statement are destructed in the wrong order, a use-after-free can result. sql::Statement::Clear() allows resetting the statement to the default-constructed state.

BUG=111376
TEST=fewer crashes.

Review URL: http://codereview.chromium.org/9418021

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@122430 0039d316-1c4b-4281-b951-d872f2087c98
---
 sql/statement.cc | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'sql/statement.cc')

diff --git a/sql/statement.cc b/sql/statement.cc
index 7bc6adf..626c15b 100644
--- a/sql/statement.cc
+++ b/sql/statement.cc
@@ -36,6 +36,11 @@ void Statement::Assign(scoped_refptr ref) {
 ref_ = ref;
 }
 
+void Statement::Clear() {
+ Assign(new Connection::StatementRef);
+ succeeded_ = false;
+}
+
 bool Statement::CheckValid() const {
 if (!is_valid())
 DLOG(FATAL) << "Cannot call mutating statements on an invalid statement.";
-- 
cgit v1.1
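Review bot: The new Statement::Clear() carries no comment, so the ordering contract that motivates it — it has to run before the Connection the statement was prepared on goes away, because the StatementRef only weakly tracks that connection — lives only in the commit message and not at the definition. A one-line comment above `void Statement::Clear() {` would keep that visible to the next maintainer, e.g. `// Reset to the default-constructed state. Call before the associated Connection is closed; the ref does not keep the connection alive.` The line `succeeded_ = false;` presumably mirrors the constructor's initial value, but the constructor is not in this hunk, so that should be confirmed rather than assumed. Because the fix depends on every owner remembering to call Clear() in time, it may be worth a follow-up in which the Connection's close path invalidates its outstanding StatementRefs itself; that is outside this hunk. Assign's body begins before the hunk and CheckValid's continues after it.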