cros: Fix use-after-free in tap visualizer app

|display_id_to_renderer_| has dependency on aura. When used as a mojo app, |aura_init_| provide aura and should be released after it. Bug: None Change-Id: Ice4410def29166c77ebc8431fd62995c5dbe57f7 Reviewed-on: https://chromium-review.googlesource.com/c/1357082Reviewed-by: James Cook <jamescook@chromium.org> Commit-Queue: Xiyuan Xia <xiyuan@chromium.org> Cr-Commit-Position: refs/heads/master@{#612844}

cros: Fix use-after-free in tap visualizer app
|display_id_to_renderer_| has dependency on aura. When used as a mojo app, |aura_init_| provide aura and should be released after it. Bug: None Change-Id: Ice4410def29166c77ebc8431fd62995c5dbe57f7 Reviewed-on: https://chromium-review.googlesource.com/c/1357082Reviewed-by: James Cook <jamescook@chromium.org> Commit-Queue: Xiyuan Xia <xiyuan@chromium.org> Cr-Commit-Position: refs/heads/master@{#612844}
ab98b58b · Xiyuan Xia · Commit Bot · ab632b25 · ab98b58b
Commit ab98b58b authored Nov 30, 2018 by Xiyuan Xia Committed by Commit Bot Nov 30, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

ash/components/tap_visualizer/tap_visualizer_app.h ash/components/tap_visualizer/tap_visualizer_app.h +4 -2

No files found.
--- a/ash/components/tap_visualizer/tap_visualizer_app.h
+++ b/ash/components/tap_visualizer/tap_visualizer_app.h
@@ -56,11 +56,13 @@ class TapVisualizerApp : public service_manager::Service,
  service_manager::ServiceBinding service_binding_;
+  // Must be released after |display_id_to_renderer_| which indirectly depends
+  // on aura.
+  std::unique_ptr<views::AuraInit> aura_init_;
  // Maps display::Display::id() to the renderer for that display.
  std::map<int64_t, std::unique_ptr<TapRenderer>> display_id_to_renderer_;
-  std::unique_ptr<views::AuraInit> aura_init_;
  DISALLOW_COPY_AND_ASSIGN(TapVisualizerApp);
 };