From 10fd8bc8f1b1902cdc1e634d468638c65ab19dbd Mon Sep 17 00:00:00 2001 From: "grt@chromium.org" Date: Sun, 15 Jun 2014 00:01:08 +0000 Subject: [PATCH] Fix NULL deref in safe browsing preference validation delegate. BUG=384729 TBR=mattm@chromium.org,gab@chromium.org NOTRY=true Review URL: https://codereview.chromium.org/336983002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@277282 0039d316-1c4b-4281-b951-d872f2087c98 --- .../prefs/tracked/tracked_preference_validation_delegate.h | 11 ++++++----- .../browser/safe_browsing/preference_validation_delegate.cc | 9 +++++---- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/chrome/browser/prefs/tracked/tracked_preference_validation_delegate.h b/chrome/browser/prefs/tracked/tracked_preference_validation_delegate.h index d421bb5a8455..a2e91acfe3ba 100644 --- a/chrome/browser/prefs/tracked/tracked_preference_validation_delegate.h +++ b/chrome/browser/prefs/tracked/tracked_preference_validation_delegate.h @@ -23,8 +23,9 @@ class TrackedPreferenceValidationDelegate { virtual ~TrackedPreferenceValidationDelegate() {} // Notifies observes of the result (|value_state|) of checking the atomic - // |value| at |pref_path|. |reset_action| indicates whether or not a reset - // will occur based on |value_state| and the enforcement level in place. + // |value| (which may be NULL) at |pref_path|. |reset_action| indicates + // whether or not a reset will occur based on |value_state| and the + // enforcement level in place. virtual void OnAtomicPreferenceValidation( const std::string& pref_path, const base::Value* value, @@ -32,9 +33,9 @@ class TrackedPreferenceValidationDelegate { TrackedPreferenceHelper::ResetAction reset_action) = 0; // Notifies observes of the result (|value_state|) of checking the split - // |dict_value| at |pref_path|. |reset_action| indicates whether or not a - // reset of |value_keys| will occur based on |value_state| and the enforcement - // level in place. + // |dict_value| (which may be NULL) at |pref_path|. |reset_action| indicates + // whether or not a reset of |value_keys| will occur based on |value_state| + // and the enforcement level in place. virtual void OnSplitPreferenceValidation( const std::string& pref_path, const base::DictionaryValue* dict_value, diff --git a/chrome/browser/safe_browsing/preference_validation_delegate.cc b/chrome/browser/safe_browsing/preference_validation_delegate.cc index 805bda655b11..5d0dfb523ab1 100644 --- a/chrome/browser/safe_browsing/preference_validation_delegate.cc +++ b/chrome/browser/safe_browsing/preference_validation_delegate.cc @@ -53,15 +53,16 @@ void PreferenceValidationDelegate::OnAtomicPreferenceValidation( const std::string& pref_path, const base::Value* value, PrefHashStoreTransaction::ValueState value_state, - TrackedPreferenceHelper::ResetAction reset_action) { + TrackedPreferenceHelper::ResetAction /* reset_action */) { TPIncident_ValueState proto_value_state = MapValueState(value_state); if (proto_value_state != TPIncident::UNKNOWN) { scoped_ptr incident_data( new ClientIncidentReport_IncidentData()); TPIncident* incident = incident_data->mutable_tracked_preference(); incident->set_path(pref_path); - if (!value->GetAsString(incident->mutable_atomic_value()) && - !base::JSONWriter::Write(value, incident->mutable_atomic_value())) { + if (!value || + (!value->GetAsString(incident->mutable_atomic_value()) && + !base::JSONWriter::Write(value, incident->mutable_atomic_value()))) { incident->clear_atomic_value(); } incident->set_value_state(proto_value_state); @@ -74,7 +75,7 @@ void PreferenceValidationDelegate::OnSplitPreferenceValidation( const base::DictionaryValue* dict_value, const std::vector& invalid_keys, PrefHashStoreTransaction::ValueState value_state, - TrackedPreferenceHelper::ResetAction reset_action) { + TrackedPreferenceHelper::ResetAction /* reset_action */) { TPIncident_ValueState proto_value_state = MapValueState(value_state); if (proto_value_state != TPIncident::UNKNOWN) { scoped_ptr incident_data( -- 2.11.4.GIT