[Passwords] Add self check to CPMC::OnPaste

This change adds a self check to ChromePasswordManagerClient::OnPaste before dereferencing members. Bug: 1161147 Change-Id: Ic36e5882d43bc3eae87c82e4d021cffca7ec8900 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2628950 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Friedrich [CET] <fhorschig@chromium.org> Cr-Commit-Position: refs/heads/master@{#843613}

[Passwords] Add self check to CPMC::OnPaste
This change adds a self check to ChromePasswordManagerClient::OnPaste before dereferencing members. Bug: 1161147 Change-Id: Ic36e5882d43bc3eae87c82e4d021cffca7ec8900 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2628950 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Friedrich [CET] <fhorschig@chromium.org> Cr-Commit-Position: refs/heads/master@{#843613}
f46e7ff3 · Jan Wilken Dörrie · Chromium LUCI CQ · 4b7be819 · f46e7ff3 · f46e7ff3
Commit f46e7ff3 authored Jan 14, 2021 by Jan Wilken Dörrie Committed by Chromium LUCI CQ Jan 14, 2021
2 changed files
--- a/chrome/browser/password_manager/chrome_password_manager_client.cc
+++ b/chrome/browser/password_manager/chrome_password_manager_client.cc
@@ -1316,6 +1316,12 @@ void ChromePasswordManagerClient::OnPaste() {

  base::string16 text;
  bool used_crosapi_workaround = false;
+
+  // Note: The call to `clipboard->ReadText()` below runs a nested message loop,
+  // potentially returning control back to this method after the client has been
+  // destroyed. Check `self` prior to dereferencing members.
+  base::WeakPtr<ChromePasswordManagerClient> self =
+      weak_ptr_factory_.GetWeakPtr();
 #if BUILDFLAG(IS_CHROMEOS_LACROS)
  // On Lacros, the ozone/wayland clipboard implementation is asynchronous by
  // default and runs a nested message loop to fake synchroncity. This in turn
@@ -1347,8 +1353,10 @@ void ChromePasswordManagerClient::OnPaste() {
    clipboard->ReadText(ui::ClipboardBuffer::kCopyPaste, &data_dst, &text);
  }

-  was_on_paste_called_ = true;
-  password_reuse_detection_manager_.OnPaste(std::move(text));
+  if (self) {
+    was_on_paste_called_ = true;
+    password_reuse_detection_manager_.OnPaste(std::move(text));
+  }
 }
 #endif


--- a/chrome/browser/password_manager/chrome_password_manager_client.h
+++ b/chrome/browser/password_manager/chrome_password_manager_client.h
@@ -12,6 +12,7 @@

 #include "base/compiler_specific.h"
 #include "base/macros.h"
+#include "base/memory/weak_ptr.h"
 #include "base/optional.h"
 #include "build/build_config.h"
 #include "build/chromeos_buildflags.h"
@@ -418,6 +419,11 @@ class ChromePasswordManagerClient
  // ChromePasswordManagerClient and IOSChromePasswordManagerClient.
  password_manager::PasswordManagerClientHelper helper_;

+  // This is added as a workaround for an issue inside OnPaste(). Please don't
+  // just use the WeakPtrs returned from this factory blindly, but make a
+  // informed decision after carefully considering the involved lifetimes.
+  base::WeakPtrFactory<ChromePasswordManagerClient> weak_ptr_factory_{this};
+
  WEB_CONTENTS_USER_DATA_KEY_DECL();

  DISALLOW_COPY_AND_ASSIGN(ChromePasswordManagerClient);