Thomas Anderson (Gerrit)

unread,

Jun 22, 2026, 5:32:56 PM (7 days ago) Jun 22

to chrome-che...@chops-service-accounts.iam.gserviceaccount.com, Thomas Lukaszewicz, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, max+watc...@igalia.com, ozone-...@chromium.org, nickdiego+wa...@igalia.com

Attention needed from Thomas Lukaszewicz

Thomas Anderson voted

Code-Review	+1
Commit-Queue	+1

Open in Gerrit

Related details

Attention is currently required from:

Thomas Lukaszewicz

Submit Requirements:

Code-Owners
Code-Review
Lint
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

unsatisfied_requirement

satisfied_requirement

open

diffy

Thomas Lukaszewicz (Gerrit)

unread,

Jun 22, 2026, 6:19:06 PM (7 days ago) Jun 22

to chrome-che...@chops-service-accounts.iam.gserviceaccount.com, Thomas Anderson, Chromium LUCI CQ, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, max+watc...@igalia.com, ozone-...@chromium.org, nickdiego+wa...@igalia.com

Attention needed from Thomas Anderson

Thomas Lukaszewicz voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Thomas Anderson

Submit Requirements:

Code-Owners
Code-Review
Lint
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Thomas Anderson (Gerrit)

unread,

Jun 22, 2026, 6:35:00 PM (6 days ago) Jun 22

to chrome-che...@chops-service-accounts.iam.gserviceaccount.com, Thomas Lukaszewicz, Chromium LUCI CQ, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, max+watc...@igalia.com, ozone-...@chromium.org, nickdiego+wa...@igalia.com

Thomas Anderson voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review
Lint
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

Jun 22, 2026, 6:52:20 PM (6 days ago) Jun 22

to chrome-che...@chops-service-accounts.iam.gserviceaccount.com, Thomas Anderson, Thomas Lukaszewicz, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, max+watc...@igalia.com, ozone-...@chromium.org, nickdiego+wa...@igalia.com

Chromium LUCI CQ submitted the change

Change information

Commit message:

[M148] [Ozone/Wayland] Fix UAF in WaylandWindow bubble activation/removal

Original change's description:
> [Ozone/Wayland] Fix UAF in WaylandWindow bubble activation/removal
>
> The delegate callback OnActivationChanged() on top-level/bubble windows
> may synchronously destroy the underlying platform window (e.g. if the
> associated widget closes synchronously).
>
> This CL adds base::WeakPtr guards to WaylandWindow::ActivateBubble() and
> WaylandWindow::RemoveBubble() immediately after invoking these callbacks
> to check if the window was destroyed, returning early if so. It also
> ensures child bubbles are safely erased from the child list only if they
> are still present.
>
> Fixed: 524584791
> Change-Id: Ia4c921dab990cbb5795a74d2a03e32155197fbfb
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7958809
> Commit-Queue: Thomas Lukaszewicz <tl...@chromium.org>
> Auto-Submit: Thomas Anderson <thomasa...@chromium.org>
> Reviewed-by: Thomas Lukaszewicz <tl...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1648660}

(cherry picked from commit 9f9a3573e334d4f3aa2b09dfa7825aa30738a276)

Fixed: 525280717

Bug: 524584791

Change-Id: Ia4c921dab990cbb5795a74d2a03e32155197fbfb

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7965757

Reviewed-by: Thomas Lukaszewicz <tl...@chromium.org>

Commit-Queue: Thomas Anderson <thomasa...@chromium.org>

Reviewed-by: Thomas Anderson <thomasa...@chromium.org>

Cr-Commit-Position: refs/branch-heads/7778@{#4406}

Cr-Branched-From: 77f495ee216d4c3cc784d33658bad4778c0680ee-refs/heads/main@{#1610480}

Files:

M ui/ozone/platform/wayland/host/wayland_window.cc
M ui/ozone/platform/wayland/host/wayland_window_unittest.cc

Change size: M

Delta: 2 files changed, 78 insertions(+), 3 deletions(-)

Branch: refs/branch-heads/7778

Submit Requirements:

Code-Review: +1 by Thomas Anderson, +1 by Thomas Lukaszewicz

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

[M148] [Ozone/Wayland] Fix UAF in WaylandWindow bubble activation/removal [chromium/src : refs/branch-heads/7778]

Thomas Anderson (Gerrit)

Thomas Anderson voted

Related details

Thomas Lukaszewicz (Gerrit)

Thomas Lukaszewicz voted Code-Review+1

Related details

Thomas Anderson (Gerrit)

Thomas Anderson voted Commit-Queue+2

Related details

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change

Change information