Fix NULL deref in HistoryBackend::ExpireHistoryBetween.

We're seeing crashes in history::VisitDatabase::GetStartDate coming from HistoryBackend::ExpireHistoryBetween where db_ is NULL. This change mitigates this by two avenues: first_recorded_time_ is cleared when the DB is closed (so that no other code that checks it blows up), and GetStartDate is no longer called by ExpireHistoryBetween when db_ is NULL. Evidence suggests that this bug is responsible for browser crashes at shutdown that result in a corrupt profile dialog on the next launch. BUG=275916, 273832, 165282, 107613, 36588 R=brettw@chromium.org Review URL: https://chromiumcodereview.appspot.com/23861005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@221802 0039d316-1c4b-4281-b951-d872f2087c98

Fix NULL deref in HistoryBackend::ExpireHistoryBetween.
We're seeing crashes in history::VisitDatabase::GetStartDate coming from HistoryBackend::ExpireHistoryBetween where db_ is NULL. This change mitigates this by two avenues: first_recorded_time_ is cleared when the DB is closed (so that no other code that checks it blows up), and GetStartDate is no longer called by ExpireHistoryBetween when db_ is NULL. Evidence suggests that this bug is responsible for browser crashes at shutdown that result in a corrupt profile dialog on the next launch. BUG=275916, 273832, 165282, 107613, 36588 R=brettw@chromium.org Review URL: https://chromiumcodereview.appspot.com/23861005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@221802 0039d316-1c4b-4281-b951-d872f2087c98
6c60cde7 · grt@chromium.org · cdc07007 · 6c60cde7
Commit 6c60cde7 authored Sep 06, 2013 by grt@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 13 deletions

chrome/browser/history/history_backend.cc chrome/browser/history/history_backend.cc +16 -13

No files found.
--- a/chrome/browser/history/history_backend.cc
+++ b/chrome/browser/history/history_backend.cc
@@ -710,6 +710,8 @@ void HistoryBackend::CloseAllDatabases() {
    // Commit the long-running transaction.
    db_->CommitTransaction();
    db_.reset();
+    // Forget the first recorded time since the database is closed.
+    first_recorded_time_ = base::Time();
  }
  if (thumbnail_db_) {
    thumbnail_db_->CommitTransaction();
@@ -2485,20 +2487,21 @@ void HistoryBackend::ExpireHistoryBetween(
    const std::set<GURL>& restrict_urls,
    Time begin_time,
    Time end_time) {
-  if (db_) {
-    if (begin_time.is_null() && (end_time.is_null() || end_time.is_max()) &&
-        restrict_urls.empty()) {
-      // Special case deleting all history so it can be faster and to reduce the
-      // possibility of an information leak.
-      DeleteAllHistory();
-    } else {
-      // Clearing parts of history, have the expirer do the depend
-      expirer_.ExpireHistoryBetween(restrict_urls, begin_time, end_time);
+  if (!db_)
+    return;

-      // Force a commit, if the user is deleting something for privacy reasons,
-      // we want to get it on disk ASAP.
-      Commit();
-    }
+  if (begin_time.is_null() && (end_time.is_null() || end_time.is_max()) &&
+      restrict_urls.empty()) {
+    // Special case deleting all history so it can be faster and to reduce the
+    // possibility of an information leak.
+    DeleteAllHistory();
+  } else {
+    // Clearing parts of history, have the expirer do the depend
+    expirer_.ExpireHistoryBetween(restrict_urls, begin_time, end_time);
+
+    // Force a commit, if the user is deleting something for privacy reasons,
+    // we want to get it on disk ASAP.
+    Commit();
  }

  if (begin_time <= first_recorded_time_)