    Fix a use after free crasher in the ReadAsync task initiated on Windows by the... · 806016e8
    ananta authored
    Fix a use after free crasher in the ReadAsync task initiated on Windows by the FileStream::Context::Read operation.
    
    The crash was reported by the DrMemory bot and based on the stack happens because the OVERLAPPED structure passed into
    the ReadFile call is invalid.
    
    Proposed fix is the following:-
    1. Have two flags io_complete_for_read_received_ and async_read_completed_ which track whether the IO completion was
       received for a Read and whether we received a notification on the calling thread that the ReadFile call returned.
       We invoke the user callback only when both these flags are true.
    
    2. We have another flag async_read_initiated_ which is set to true if an asynchronous Read was initiated. We use this
       to not set the async_in_progress_ flag to false until both notifications as per 1 above are received.
    
    3. All flags above are reset when we invoke the user callback. That now happens in the InvokeUserCallback function.
    
    4. We need to save the result in a member as the callback is invoked later.
    
    5. Removed the Weak pointer member from the Context class as this is not needed because the Context instance should remain
       valid until the pending Read operation completes.
    
    BUG=455066
    
    Review URL: https://codereview.chromium.org/888143003
    
    Cr-Commit-Position: refs/heads/master@{#315098}
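The two-notification handshake the commit message describes (points 1 to 4), as an added example that is not Chromium's code: the flag names follow the message, while the ReadContext class, its method names and the int-result callback are assumptions.

```cpp
#include <cassert>
#include <functional>
#include <utility>
// Model of the two-notification handshake the commit message describes. The flag
// names follow the message; class, methods and callback shape are assumptions.
class ReadContext {
 public:
  using Callback = std::function<void(int result)>;
  // Begin an asynchronous read. The user callback must not fire until both the
  // IO completion and the "ReadFile returned" notification have arrived.
  void StartAsyncRead(Callback cb) {
    assert(!async_in_progress_);
    callback_ = std::move(cb);
    async_in_progress_ = true;
    async_read_initiated_ = true;
  }

  // IO completion for the OVERLAPPED read; may arrive on another thread, and
  // possibly before the calling thread has seen ReadFile return.
  void OnIOCompleted(int bytes_or_error) {
    result_ = bytes_or_error;  // saved in a member: the callback runs later
    io_complete_for_read_received_ = true;
    MaybeInvokeUserCallback();
  }

  // Calling-thread notification that the ReadFile call itself has returned.
  void OnAsyncReadCompleted() {
    async_read_completed_ = true;
    MaybeInvokeUserCallback();
  }

  // While true the owner must keep this Context alive (no weak pointer needed).
  bool async_in_progress() const { return async_in_progress_; }
 private:
  void MaybeInvokeUserCallback() {
    if (!async_read_initiated_ || !io_complete_for_read_received_ ||
        !async_read_completed_)
      return;
    // Reset every flag before calling out, so the callback may start a new read.
    io_complete_for_read_received_ = async_read_completed_ = false;
    async_read_initiated_ = async_in_progress_ = false;
    Callback cb = std::move(callback_);
    cb(result_);
  }
  bool io_complete_for_read_received_ = false, async_read_completed_ = false;
  bool async_read_initiated_ = false, async_in_progress_ = false;
  int result_ = 0;
  Callback callback_;
};
```

Whichever notification arrives first, the callback runs exactly once and only after the second one, and async_in_progress() stays true until then so the owner does not free the context early.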