
Issue 842987

Starred by 4 users

Issue metadata

Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, Chrome, Mac, Fuchsia
Pri: 2
Type: Task




Make ObserverList safer

Project Member Reported by tapted@chromium.org, May 15 2018

Issue description

base::ObserverList stores raw pointers. If an observer forgets to remove itself from the list, this can lead to use-after-free errors, impacting browser security and stability. These are often hard to diagnose, since the (possible) crash occurs in the owner of the ObserverList, not the deleted observer.

We can probably make it safer with minimal overheads. Also easier to debug.

Proof-of-Concept: https://chromium-review.googlesource.com/c/chromium/src/+/1053338

Design doc: https://docs.google.com/document/d/1R0k2RgxgM9EdvS0XM5qsGmxWVHEnPkQirmv-XgK7vqA/edit?usp=sharing
 
Project Member

Comment 1 by bugdroid1@chromium.org, Aug 15

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4d20736e744c8882b2acec08dddd3236f1b7238d

commit 4d20736e744c8882b2acec08dddd3236f1b7238d
Author: Trent Apted <tapted@chromium.org>
Date: Wed Aug 15 23:48:15 2018

Split ObserverListThreadSafe tests out into their own .cc file.

Apart from some simple classes (Foo, Adder), the existing test suites
really don't share very much code. After https://crrev.com/c/1053338
they will share even less. Split out the threaded tests to their own
file to reduce complexity.

This is largely a verbatim move (preserving order), apart from
whitespace changes.

Bug: 842987
Change-Id: I555662a5516add7267abd1608f54fd13cbd7d97c
Reviewed-on: https://chromium-review.googlesource.com/1175508
Reviewed-by: Gabriel Charette <gab@chromium.org>
Commit-Queue: Trent Apted <tapted@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583447}
[modify] https://crrev.com/4d20736e744c8882b2acec08dddd3236f1b7238d/base/BUILD.gn
[add] https://crrev.com/4d20736e744c8882b2acec08dddd3236f1b7238d/base/observer_list_threadsafe_unittest.cc
[modify] https://crrev.com/4d20736e744c8882b2acec08dddd3236f1b7238d/base/observer_list_unittest.cc

Project Member

Comment 2 by bugdroid1@chromium.org, Aug 19

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a250ec3ab9e982d9618127273c54dab7e56ff9ba

commit a250ec3ab9e982d9618127273c54dab7e56ff9ba
Author: Trent Apted <tapted@chromium.org>
Date: Sun Aug 19 08:52:19 2018

Introduce an ObserverList<T>::Unchecked type alias.

This is a precursor to https://crrev.com/c/1053338 which introduces
base::CheckedObserver. Existing observers will be unchecked (as they
are already). There is no behavior change with this CL.

The CL is mechanical. The bulk was done with variations on a sed script:

git grep -l ' base::ObserverList<.*> .*;' -- '*.cc' '*.h' '*.mm' | \
  xargs -IX sed -i -r 's/(^[ ]*)base::ObserverList<([^>]*)> (.*);/'\
'\1base::ObserverList<\2>::Unchecked \3;/' X

With some manual follow-ups to get special cases.

TBR=gab@chromium.org

Bug: 842987
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:ios-simulator-full-configs;luci.chromium.try:linux_layout_tests_slimming_paint_v2;luci.chromium.try:linux_mojo;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: Idffe88e2b52f67f9226eb7b6d922070349dacc22
Reviewed-on: https://chromium-review.googlesource.com/1175511
Commit-Queue: Trent Apted <tapted@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#584330}

Project Member

Comment 3 by bugdroid1@chromium.org, Aug 21

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9a9b1bb58592d5e2d32243f89d17f6f0e7d5197a

commit 9a9b1bb58592d5e2d32243f89d17f6f0e7d5197a
Author: Trent Apted <tapted@chromium.org>
Date: Tue Aug 21 08:00:51 2018

Update 3 ObserverLists introduced after r584330 to be ::Unchecked.

r584330 updated all annotations on ObserverList declarations to be
::Unchecked, but a few new declarations have appeared since then. They
need to be ::Unchecked as well in order for https://crrev.com/c/1053338
to land cleanly.

TBR=gab@chromium.org

Bug: 842987
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: I1c6d7ae8e9668438afa8184fd0c3884a21e9732d
Reviewed-on: https://chromium-review.googlesource.com/1182712
Commit-Queue: Trent Apted <tapted@chromium.org>
Reviewed-by: Trent Apted <tapted@chromium.org>
Cr-Commit-Position: refs/heads/master@{#584682}
[modify] https://crrev.com/9a9b1bb58592d5e2d32243f89d17f6f0e7d5197a/ash/assistant/model/assistant_cache_model.h
[modify] https://crrev.com/9a9b1bb58592d5e2d32243f89d17f6f0e7d5197a/chrome/browser/ui/toolbar/media_router_action_controller.h
[modify] https://crrev.com/9a9b1bb58592d5e2d32243f89d17f6f0e7d5197a/services/network/crl_set_distributor.h

Project Member

Comment 4 by bugdroid1@chromium.org, Aug 21

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/30f97fddc348e14c23499ffc0f638deff901641c

commit 30f97fddc348e14c23499ffc0f638deff901641c
Author: Trent Apted <tapted@chromium.org>
Date: Tue Aug 21 09:03:47 2018

base::CheckedObserver - a common base class for observers.

Turns a possible UAF when trying to notify a deleted observer into a
CHECK(). This is achieved with minimal changes to ObserverList and an
adapter that gives WeakPtr-like semantics to an observer interface.

base::ObserverList<T>::Unchecked continues to use raw pointers that
are unchecked.

Bug: 842987, 808318
Change-Id: I8ab20845f4f6e1d2559490287731cea2dbf40d39
Reviewed-on: https://chromium-review.googlesource.com/1053338
Commit-Queue: Trent Apted <tapted@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Reviewed-by: Elly Fong-Jones <ellyjones@chromium.org>
Cr-Commit-Position: refs/heads/master@{#584694}
[modify] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/BUILD.gn
[modify] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/memory/weak_ptr.h
[modify] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/memory/weak_ptr_unittest.cc
[modify] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/observer_list.h
[add] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/observer_list_internal.cc
[add] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/observer_list_internal.h
[add] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/observer_list_types.cc
[add] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/observer_list_types.h
[modify] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/observer_list_unittest.cc
[add] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/observer_list_unittest.nc
[modify] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/base/test/gtest_util.h
[modify] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/ui/views/widget/widget.h
[modify] https://crrev.com/30f97fddc348e14c23499ffc0f638deff901641c/ui/views/widget/widget_observer.h
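
The mechanism described in the commit message above, as an added example that is not part of the issue thread and is not Chromium's code: a simplified model in which the list keeps a shared liveness flag beside each observer pointer and checks it before every call. The `sketch` namespace, `TickObserver`, `Counter` and the injectable failure handler are assumptions made for illustration; re-entrant add/remove during notification and the `::Unchecked` alias are not modelled.

```cpp
// Added illustration: a simplified model of the checked-observer idea, not
// Chromium's base::CheckedObserver / base::ObserverList implementation.
#include <algorithm>
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <vector>

namespace sketch {

template <class Observer>
class CheckedObserverList;

// Observer base class. The liveness flag is shared with every list entry, so
// it outlives the observer and can still be read after the observer is gone.
class CheckedObserver {
 public:
  CheckedObserver() : alive_(std::make_shared<bool>(true)) {}
  CheckedObserver(const CheckedObserver&) = delete;
  CheckedObserver& operator=(const CheckedObserver&) = delete;
  virtual ~CheckedObserver() { *alive_ = false; }

 private:
  template <class Observer>
  friend class CheckedObserverList;
  std::shared_ptr<bool> alive_;
};

using FailureHandler = void (*)(const char* message);

// Default handler: stands in for CHECK() by terminating the process.
inline void Crash(const char* message) {
  std::fprintf(stderr, "CHECK failed: %s\n", message);
  std::abort();
}

template <class Observer>
class CheckedObserverList {
 public:
  explicit CheckedObserverList(FailureHandler on_dead = &Crash)
      : on_dead_(on_dead) {}

  void AddObserver(Observer* observer) {
    const CheckedObserver* base = observer;  // Observer must derive from it.
    entries_.push_back({observer, base->alive_});
  }

  void RemoveObserver(const Observer* observer) {
    entries_.erase(
        std::remove_if(entries_.begin(), entries_.end(),
                       [observer](const Entry& e) { return e.ptr == observer; }),
        entries_.end());
  }

  // Calls fn on each live observer and returns how many were notified. A dead
  // entry is reported to on_dead_ and its pointer is never dereferenced.
  template <class Fn>
  int Notify(Fn fn) {
    int delivered = 0;
    for (const Entry& e : entries_) {
      if (!*e.alive) {
        on_dead_("observer destroyed while still in an observer list");
        continue;
      }
      fn(*e.ptr);
      ++delivered;
    }
    return delivered;
  }

 private:
  struct Entry {
    Observer* ptr;
    std::shared_ptr<bool> alive;
  };
  FailureHandler on_dead_;
  std::vector<Entry> entries_;
};

// Constructed scenario: one observer unregisters correctly, one forgets to.
class TickObserver : public CheckedObserver {
 public:
  virtual void OnTick() = 0;
};

class Counter : public TickObserver {
 public:
  void OnTick() override { ++ticks; }
  int ticks = 0;
};

struct ScenarioResult { int delivered; int dead_detected; int ticks_seen; };

int g_dead_detected = 0;
void CountDead(const char*) { ++g_dead_detected; }  // Test handler: no abort.

ScenarioResult RunForgottenObserverScenario() {
  g_dead_detected = 0;
  CheckedObserverList<TickObserver> list(&CountDead);
  Counter well_behaved;
  list.AddObserver(&well_behaved);
  {
    Counter forgetful;
    list.AddObserver(&forgetful);
  }  // Destroyed without RemoveObserver(): a raw-pointer list would dangle here.
  int delivered = list.Notify([](TickObserver& o) { o.OnTick(); });
  list.RemoveObserver(&well_behaved);
  return {delivered, g_dead_detected, well_behaved.ticks};
}

}  // namespace sketch
```

With the default `Crash` handler the same scenario terminates at the notification site with a message naming the cause, rather than calling through a dangling pointer.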

Project Member

Comment 5 by bugdroid1@chromium.org, Aug 23

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/453d0b5bfe7a24ad31375337b6cdfa44dc9f54c3

commit 453d0b5bfe7a24ad31375337b6cdfa44dc9f54c3
Author: Trent Apted <tapted@chromium.org>
Date: Thu Aug 23 00:13:22 2018

base::CheckedObserver: Follow-up review comments

Follow-ups to review comments in https://crrev.com/c/1053338

Bug: 842987
Change-Id: I1cf78667887bb86555d3f9043e2afe5d8eacf2bb
Reviewed-on: https://chromium-review.googlesource.com/1184590
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Commit-Queue: Trent Apted <tapted@chromium.org>
Cr-Commit-Position: refs/heads/master@{#585327}
[modify] https://crrev.com/453d0b5bfe7a24ad31375337b6cdfa44dc9f54c3/base/memory/weak_ptr.h
[modify] https://crrev.com/453d0b5bfe7a24ad31375337b6cdfa44dc9f54c3/base/memory/weak_ptr_unittest.cc
[modify] https://crrev.com/453d0b5bfe7a24ad31375337b6cdfa44dc9f54c3/base/observer_list.h
[modify] https://crrev.com/453d0b5bfe7a24ad31375337b6cdfa44dc9f54c3/base/observer_list_internal.h

Project Member

Comment 6 by bugdroid1@chromium.org, Oct 5

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fdc7c7a56eb240d47eeab0696d00958b71ea40fe

commit fdc7c7a56eb240d47eeab0696d00958b71ea40fe
Author: James Cook <jamescook@chromium.org>
Date: Fri Oct 05 23:55:08 2018

Convert DisplayManager to use CheckedObserver

Display observers have historically caused problems on Chrome OS.
They are not performance critical, so converted from UncheckedObserver
to checked observer.

Bug: 842987
Change-Id: I803afb4c6b5a2ef8e2bf1652183a8835243d07ec
Reviewed-on: https://chromium-review.googlesource.com/c/1263338
Reviewed-by: Ahmed Fakhry <afakhry@chromium.org>
Reviewed-by: Michael Spang <spang@chromium.org>
Commit-Queue: James Cook <jamescook@chromium.org>
Cr-Commit-Position: refs/heads/master@{#597374}
[modify] https://crrev.com/fdc7c7a56eb240d47eeab0696d00958b71ea40fe/ui/display/display_change_notifier.h
[modify] https://crrev.com/fdc7c7a56eb240d47eeab0696d00958b71ea40fe/ui/display/display_list.h
[modify] https://crrev.com/fdc7c7a56eb240d47eeab0696d00958b71ea40fe/ui/display/display_observer.h
[modify] https://crrev.com/fdc7c7a56eb240d47eeab0696d00958b71ea40fe/ui/display/manager/display_manager.h
[modify] https://crrev.com/fdc7c7a56eb240d47eeab0696d00958b71ea40fe/ui/ozone/platform/scenic/scenic_screen.h
[modify] https://crrev.com/fdc7c7a56eb240d47eeab0696d00958b71ea40fe/ui/ozone/platform/wayland/wayland_screen.h

Project Member

Comment 7 by bugdroid1@chromium.org, Oct 11

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5b2786cb7ab7b3956f48876c1d4b34cc4e971dfb

commit 5b2786cb7ab7b3956f48876c1d4b34cc4e971dfb
Author: James Cook <jamescook@chromium.org>
Date: Thu Oct 11 22:25:17 2018

chromeos: Convert SessionObserver to use CheckedObserver

There are a large number of SessionObservers. Session state does not
change very often, so these observers are not performance critical.

Bug: 842987
Change-Id: I0d772fc07cd0c57a2f4e0d4c0ac3cba24641d3d4
Reviewed-on: https://chromium-review.googlesource.com/c/1277968
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Commit-Queue: James Cook <jamescook@chromium.org>
Cr-Commit-Position: refs/heads/master@{#598981}
[modify] https://crrev.com/5b2786cb7ab7b3956f48876c1d4b34cc4e971dfb/ash/session/session_controller.h
[modify] https://crrev.com/5b2786cb7ab7b3956f48876c1d4b34cc4e971dfb/ash/session/session_observer.h
