| commit | 671b74df4a8a16ca0c107dec6f7527e51d6ebfbf | [log] [tgz] |
|---|---|---|
| author | [email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98> | Thu Jun 09 03:41:18 2011 |
| committer | [email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98> | Thu Jun 09 03:41:18 2011 |
| tree | 05361ae3229d6a41892edf5ad9ae5795b7e97597 | |
| parent | e0a364209b0da8378accf3f28d3a850a26eeb0dd [diff] [blame] |
Revert 88284 - Revert 88151 (see crbug.com/85296) - Fix user-after-free error with ObserverList. The problem is that if an ObserverListBase::Iterator is on the stack and one of the observers deletes the object holding the list, Iterator's destructor will use the deleted list. Relanding 88151 now that sync fixes (88483, 88472) are in. BUG=84919 Review URL: http://codereview.chromium.org/7127001 [email protected] Review URL: http://codereview.chromium.org/7134008 [email protected] Review URL: http://codereview.chromium.org/7129036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88484 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/base/observer_list_unittest.cc b/base/observer_list_unittest.cc index 8315a2b4..d0d2001 100644 --- a/base/observer_list_unittest.cc +++ b/base/observer_list_unittest.cc
@@ -422,4 +422,27 @@ << "Adder should not observe, so sum should still be 0."; } +class ListDestructor : public Foo { + public: + explicit ListDestructor(ObserverList<Foo>* list) : list_(list) {} + virtual void Observe(int x) { + delete list_; + } + virtual ~ListDestructor() { } + int total; + private: + ObserverList<Foo>* list_; +}; + + +TEST(ObserverListTest, IteratorOutlivesList) { + ObserverList<Foo>* observer_list = new ObserverList<Foo>; + ListDestructor a(observer_list); + observer_list->AddObserver(&a); + + FOR_EACH_OBSERVER(Foo, *observer_list, Observe(0)); + // If this test fails, there'll be Valgrind errors when this function goes out + // of scope. +} + } // namespace