Posible access to unintended variable in "chromium/chrome/browser/extensions/api/passwords_private/passwords_private_delegate_impl.cc" line 269
Reported by
pet...@gmail.com,
Jul 2
|
|||
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Steps to reproduce the problem:
While experimenting with a CodeSonar plugin we develop, we noticed a potential bug in file "chromium/chrome/browser/extensions/api/passwords_private/passwords_private_delegate_impl.cc" line 269 function PasswordsPrivateDelegateImpl::SetPasswordExceptionList.
DCHECK(!current_entries_initialized_ ||
get_saved_passwords_list_callbacks_.empty()); //HERE
current_exceptions_initialized_ = true;
InitializeIfNecessary();
for (const auto& callback : get_password_exception_list_callbacks_)
callback.Run(current_exceptions_);
get_password_exception_list_callbacks_.clear();
Shouldn't get_password_exception_list_callbacks_ be verified in the DCHECK instead of get_saved_passwords_list_callbacks_? Similarly, shouldn't current_exceptions_initialized_
be checked in the DCHECK instead of current_entries_initialized_ ?
Thanks,
Petru Florin Mihancea
What is the expected behavior?
The problem has been detected automatically via static analysis.
What went wrong?
The problem has been detected automatically via static analysis.
Did this work before? N/A
Chrome version: 67.0.3396.99 Channel: stable
OS Version: OS X 10.13.5
Flash Version:
,
Jul 9
petrum@ Thanks for the issue. As this issue is related to DCHECK, and this is out of scope of triaging at TE end. hence adding 'TE-NeedsTriageHelp' label. Tentatively adding 'Infra' component to look into the issue and help further. Thanks..
,
Jul 23
|
|||
►
Sign in to add a comment |
|||
Comment 1 by viswa.karala@chromium.org
, Jul 2