-
asargent authored
When we changed content verification to strict mode (crbug.com/601512), it turns out that the code for downloading missing verified_contents.json files from the webstore had two longstanding bugs that we never noticed due to insufficient tests: a) Returning the results of a boolean expression as an integer b) Use after free of an object The end result is that when the patch for crbug.com/601512 hit stable, many users became unable to run the EFF's HTTPS Everywhere and Privacy Badger extensions because those are uploaded via a special process where the webstore does not have a copy of their private key and cannot include the verified_contents.json file in the .crx file; rather we rely on being able to download it after install but fail due to the above mentioned bugs. This patch fixes the bugs and also introduces a change which clears the corruption "disable reason" on extension autoupdate, so that users who had the extension disabled because of this bug can get it re-enabled automatically by an extension autoupdate. BUG=643814 Review-Url: https://codereview.chromium.org/2336403002 Cr-Commit-Position: refs/heads/master@{#418748}
e4de9f97
