New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 706488 link

Starred by 2 users
Status: WontFix
Owner:
spqc...@chromium.org
Last visit > 30 days ago
Closed: Aug 23
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

Weak C++ pointer ivars need better documentation, and there's a problem

Project Member Reported by shrike@chromium.org, Mar 29 2017 
I was looking through the code trying to see what might be going on in the crash in Issue 675854, and noticed that manage_passwords_decoration.h, content_setting_bubble_cocoa.h, and permission_bubble_controller.h all declare a decoration_ ivar which is a naked pointer to a C++ object. The comment says the reference is "weak" but I've never seen us maintain a weak reference to a C++ object. It looks like it's happening for other ivars, and in other classes in the Chrome codebase. I guess it's accepted practice, but it sure seems dangerous.

At a minimum there needs to be an explanation with each ivar explaining why it's OK that they're treated as weak.

One real problem is content_setting_bubble_cocoa declares the method -decorationForBubble, which simply returns the decoration_ ivar. It can't really know who is asking for this ivar, what lifetime the callee will assume the pointer has or how long it will hold onto the pointer, etc. This ivar cannot be weak in any way if it's going to be returned outside of the class.

Comment 1 by spqc...@chromium.org, May 6 2017 

What's the scope of this? Are we adding an explanation for every weak C++ ivar?

Comment 2 by shrike@chromium.org, May 6 2017 

The scope is the three .h files I called out (manage_passwords_decoration.h, content_setting_bubble_cocoa.h, and permission_bubble_controller.h).

content_setting_bubble_cocoa needs to be reworked so that its decoration_ ivar is not "weak." That's because content_setting_bubble_cocoa retuns that pointer to callers of -decorationForBubble. Those callers have no idea of the lifetime of that object and may hold onto the pointer after it's been freed.

Comment 3 by mpear...@chromium.org, Jun 27 2017 

Pri-1 bug that hasn't been touched in almost two months cannot be Pri-1.  Certainly not if it's limited to better documentation; those are usually Pri-3.  I can understand morphing this bug to fix the content settings issue and having as Pri-2.

Comment 4 by mpear...@chromium.org, Jun 27 2017

Labels: Hotlist-CodeHealth

Comment 5 by shrike@chromium.org, Jun 28 2017

Labels: -Pri-1 -M-59 M-61 Pri-2
I'll mark it P2. There's a documentation problem but there's also a fundamental bug in the code that could lead to unexpected crashes.

soqchan@ - can you look into this for landing before M61 branch?

Comment 6 by spqc...@chromium.org, Aug 23

Status: WontFix (was: Assigned)

Sign in to add a comment