Issue 708256 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	karandeepb@chromium.org
Closed:	Apr 2017
Components:	Platform>Extensions
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	2
Type:	Bug

ExtensionsTest: Move code from constructor to SetUp methods.

Project Member Reported by karandeepb@chromium.org, Apr 4 2017

Issue description

Chrome Version: 59.0.3057.0

See comments in https://codereview.chromium.org/2798503002/.

ExtensionsTest does all its initialization in its constructor but destroyes its initialized instances in TearDown(). This can lead to problems.

Also, the extensions_browser_client_ instance is reset in TearDown but not unset as the singleton until the destructor which can cause use after free errors.

ExtensionsTest does all its initialization in its constructor but destroys its initialized instances in TearDown(). This can lead to problems.

Also, the extensions_browser_client_ instance is reset in TearDown but not unset as the singleton until the destructor which can cause use after free errors.

Comment 1 by karandeepb@chromium.org, Apr 4 2017

Description: Show this description

Comment 2 by karandeepb@chromium.org, Apr 4 2017

Summary: ExtensionsTest: Move code from constructor to SetUp methods. (was: ExtensionTest: Move code from constructor to SetUp methods.)

Comment 3 by karandeepb@chromium.org, Apr 4 2017

Description: Show this description

Project Member

Comment 4 by bugdroid1@chromium.org, Apr 12 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fb19fb99a92bd5335dd24dde693e64f8ced55cbf

commit fb19fb99a92bd5335dd24dde693e64f8ced55cbf
Author: karandeepb <karandeepb@chromium.org>
Date: Wed Apr 12 00:23:20 2017

ExtensionsTest: Move initialization to SetUp and avoid potential UAF.

ExtensionsTest does all its initialization in its constructor but destroys its
initialized instances in TearDown(). This CL moves all the initialization logic
to its SetUp() method to make the initialization consistent with destruction.
The ExtensionsTest subclasses which rely on the current initialization sequence
are also modified.

Also, currently the extensions_browser_client_ instance is reset in TearDown()
but not unset as the singleton until the destructor. This can cause use after
free errors. This is also fixed by resetting the singleton instances in
TearDown() itself.

BUG= 708256 

Review-Url: https://codereview.chromium.org/2802433004
Cr-Commit-Position: refs/heads/master@{#463854}

[modify] https://crrev.com/fb19fb99a92bd5335dd24dde693e64f8ced55cbf/extensions/browser/api/bluetooth/bluetooth_event_router_unittest.cc
[modify] https://crrev.com/fb19fb99a92bd5335dd24dde693e64f8ced55cbf/extensions/browser/api/file_handlers/mime_util_unittest.cc
[modify] https://crrev.com/fb19fb99a92bd5335dd24dde693e64f8ced55cbf/extensions/browser/extensions_test.cc
[modify] https://crrev.com/fb19fb99a92bd5335dd24dde693e64f8ced55cbf/extensions/browser/lazy_background_task_queue_unittest.cc
[modify] https://crrev.com/fb19fb99a92bd5335dd24dde693e64f8ced55cbf/extensions/browser/policy_check_unittest.cc
[modify] https://crrev.com/fb19fb99a92bd5335dd24dde693e64f8ced55cbf/extensions/browser/process_manager_unittest.cc
[modify] https://crrev.com/fb19fb99a92bd5335dd24dde693e64f8ced55cbf/extensions/browser/updater/update_service_unittest.cc

Comment 5 by karandeepb@chromium.org, Apr 12 2017

Status: Fixed (was: Assigned)

►

Issue 708256 link

Issue metadata

ExtensionsTest: Move code from constructor to SetUp methods.

Issue description

Comment 1 by karandeepb@chromium.org, Apr 4 2017

Comment 1 Deleted

Comment 2 by karandeepb@chromium.org, Apr 4 2017

Comment 2 Deleted

Comment 3 by karandeepb@chromium.org, Apr 4 2017

Comment 3 Deleted

Comment 4 by bugdroid1@chromium.org, Apr 12 2017

Comment 4 Deleted

Comment 5 by karandeepb@chromium.org, Apr 12 2017

Comment 5 Deleted

Sign in to add a comment