1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
|
From e1b1f3a5f273c8da533fad495b9de316e2c83c9b Mon Sep 17 00:00:00 2001
From: jdoerrie <jdoerrie@chromium.org>
Date: Sat, 16 Mar 2019 04:08:01 +0000
Subject: [PATCH] [base] Add Dead Type to base::Value
This change adds a temporary DEAD type to base::Value which should help
to track down use-after-free bugs. Furthermore, this change also removes
the now unneeded is_alive_ flag.
Bug: 859477, 941404
Change-Id: I9b7a2f3cbb0b22d7e3ed35b2453537419f3f7e55
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1478897
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Reviewed-by: Tao Bai <michaelbai@chromium.org>
Reviewed-by: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Mike Pinkerton <pinkerton@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: David Turner <digit@chromium.org>
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#641404}
---
base/json/json_writer.cc | 5 ++
base/values.cc | 68 ++++++++++++-------
base/values.h | 23 ++-----
base/values_unittest.cc | 10 ++-
.../ui/cocoa/applescript/apple_event_util.mm | 10 +++
chromeos/network/onc/variable_expander.cc | 6 ++
.../core/browser/android/policy_converter.cc | 11 ++-
.../core/common/policy_loader_win_unittest.cc | 8 ++-
.../policy/core/common/policy_test_utils.cc | 5 ++
.../policy/core/common/registry_dict.cc | 4 ++
.../gin_java_script_to_java_types_coercion.cc | 8 ++-
ipc/ipc_message_utils.cc | 11 ++-
mojo/public/cpp/base/values_mojom_traits.h | 7 +-
.../ppb_x509_certificate_private_shared.cc | 2 +
14 files changed, 127 insertions(+), 51 deletions(-)
diff --git a/base/json/json_writer.cc b/base/json/json_writer.cc
index 376a459f9a46..cd020e7fa0c0 100644
--- a/base/json/json_writer.cc
+++ b/base/json/json_writer.cc
@@ -179,6 +179,11 @@ bool JSONWriter::BuildJSONString(const Value& node, size_t depth) {
// Successful only if we're allowed to omit it.
DLOG_IF(ERROR, !omit_binary_values_) << "Cannot serialize binary value.";
return omit_binary_values_;
+
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case Value::Type::DEAD:
+ CHECK(false);
+ return false;
}
// TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
diff --git a/base/values.cc b/base/values.cc
index 0c002551b317..035aa2350cde 100644
--- a/base/values.cc
+++ b/base/values.cc
@@ -90,8 +90,6 @@ std::unique_ptr<Value> CopyWithoutEmptyChildren(const Value& node) {
} // namespace
-constexpr uint16_t Value::kMagicIsAlive;
-
// static
std::unique_ptr<Value> Value::CreateWithCopiedBuffer(const char* buffer,
size_t size) {
@@ -112,9 +110,9 @@ Value::Value(Value&& that) noexcept {
InternalMoveConstructFrom(std::move(that));
}
-Value::Value() noexcept : type_(Type::NONE), is_alive_(kMagicIsAlive) {}
+Value::Value() noexcept : type_(Type::NONE) {}
-Value::Value(Type type) : type_(type), is_alive_(kMagicIsAlive) {
+Value::Value(Type type) : type_(type) {
// Initialize with the default value.
switch (type_) {
case Type::NONE:
@@ -141,22 +139,26 @@ Value::Value(Type type) : type_(type), is_alive_(kMagicIsAlive) {
case Type::LIST:
new (&list_) ListStorage();
return;
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case Type::DEAD:
+ CHECK(false);
+ return;
}
+
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
}
Value::Value(bool in_bool)
: bool_type_(Type::BOOLEAN),
- bool_is_alive_(kMagicIsAlive),
bool_value_(in_bool) {}
Value::Value(int in_int)
: int_type_(Type::INTEGER),
- int_is_alive_(kMagicIsAlive),
int_value_(in_int) {}
Value::Value(double in_double)
: double_type_(Type::DOUBLE),
- double_is_alive_(kMagicIsAlive),
double_value_(in_double) {
if (!std::isfinite(double_value_)) {
NOTREACHED() << "Non-finite (i.e. NaN or positive/negative infinity) "
@@ -171,7 +173,6 @@ Value::Value(StringPiece in_string) : Value(std::string(in_string)) {}
Value::Value(std::string&& in_string) noexcept
: string_type_(Type::STRING),
- string_is_alive_(kMagicIsAlive),
string_value_(std::move(in_string)) {
DCHECK(IsStringUTF8(string_value_));
}
@@ -182,21 +183,18 @@ Value::Value(StringPiece16 in_string16) : Value(UTF16ToUTF8(in_string16)) {}
Value::Value(const std::vector<char>& in_blob)
: binary_type_(Type::BINARY),
- binary_is_alive_(kMagicIsAlive),
binary_value_(in_blob.begin(), in_blob.end()) {}
Value::Value(base::span<const uint8_t> in_blob)
: binary_type_(Type::BINARY),
- binary_is_alive_(kMagicIsAlive),
binary_value_(in_blob.begin(), in_blob.end()) {}
Value::Value(BlobStorage&& in_blob) noexcept
: binary_type_(Type::BINARY),
- binary_is_alive_(kMagicIsAlive),
binary_value_(std::move(in_blob)) {}
Value::Value(const DictStorage& in_dict)
- : dict_type_(Type::DICTIONARY), dict_is_alive_(kMagicIsAlive), dict_() {
+ : dict_type_(Type::DICTIONARY), dict_() {
dict_.reserve(in_dict.size());
for (const auto& it : in_dict) {
dict_.try_emplace(dict_.end(), it.first,
@@ -206,11 +204,9 @@ Value::Value(const DictStorage& in_dict)
Value::Value(DictStorage&& in_dict) noexcept
: dict_type_(Type::DICTIONARY),
- dict_is_alive_(kMagicIsAlive),
dict_(std::move(in_dict)) {}
-Value::Value(const ListStorage& in_list)
- : list_type_(Type::LIST), list_is_alive_(kMagicIsAlive), list_() {
+Value::Value(const ListStorage& in_list) : list_type_(Type::LIST), list_() {
list_.reserve(in_list.size());
for (const auto& val : in_list)
list_.emplace_back(val.Clone());
@@ -218,7 +214,6 @@ Value::Value(const ListStorage& in_list)
Value::Value(ListStorage&& in_list) noexcept
: list_type_(Type::LIST),
- list_is_alive_(kMagicIsAlive),
list_(std::move(in_list)) {}
Value& Value::operator=(Value&& that) noexcept {
@@ -246,15 +241,21 @@ Value Value::Clone() const {
return Value(dict_);
case Type::LIST:
return Value(list_);
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case Type::DEAD:
+ CHECK(false);
+ return Value();
}
- NOTREACHED();
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
return Value();
}
Value::~Value() {
InternalCleanup();
- is_alive_ = 0;
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ type_ = Type::DEAD;
}
// static
@@ -654,9 +655,14 @@ bool operator==(const Value& lhs, const Value& rhs) {
});
case Value::Type::LIST:
return lhs.list_ == rhs.list_;
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case Value::Type::DEAD:
+ CHECK(false);
+ return false;
}
- NOTREACHED();
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
return false;
}
@@ -693,9 +699,14 @@ bool operator<(const Value& lhs, const Value& rhs) {
});
case Value::Type::LIST:
return lhs.list_ < rhs.list_;
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case Value::Type::DEAD:
+ CHECK(false);
+ return false;
}
- NOTREACHED();
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
return false;
}
@@ -733,7 +744,6 @@ size_t Value::EstimateMemoryUsage() const {
void Value::InternalMoveConstructFrom(Value&& that) {
type_ = that.type_;
- is_alive_ = that.is_alive_;
switch (type_) {
case Type::NONE:
@@ -759,12 +769,17 @@ void Value::InternalMoveConstructFrom(Value&& that) {
case Type::LIST:
new (&list_) ListStorage(std::move(that.list_));
return;
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case Type::DEAD:
+ CHECK(false);
+ return;
}
+
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
}
void Value::InternalCleanup() {
- CHECK_EQ(is_alive_, kMagicIsAlive);
-
switch (type_) {
case Type::NONE:
case Type::BOOLEAN:
@@ -785,7 +800,14 @@ void Value::InternalCleanup() {
case Type::LIST:
list_.~ListStorage();
return;
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case Type::DEAD:
+ CHECK(false);
+ return;
}
+
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
}
///////////////////// DictionaryValue ////////////////////
diff --git a/base/values.h b/base/values.h
index 429ef1dfdebd..e31cadd83102 100644
--- a/base/values.h
+++ b/base/values.h
@@ -92,7 +92,9 @@ class BASE_EXPORT Value {
STRING,
BINARY,
DICTIONARY,
- LIST
+ LIST,
+ // TODO(crbug.com/859477): Remove once root cause is found.
+ DEAD
// Note: Do not add more types. See the file-level comment above for why.
};
@@ -375,10 +377,6 @@ class BASE_EXPORT Value {
size_t EstimateMemoryUsage() const;
protected:
- // Magic IsAlive signature to debug double frees.
- // TODO(crbug.com/859477): Remove once root cause is found.
- static constexpr uint16_t kMagicIsAlive = 0x2f19;
-
// Technical note:
// The naive way to implement a tagged union leads to wasted bytes
// in the object on CPUs like ARM ones, which impose an 8-byte alignment
@@ -408,8 +406,8 @@ class BASE_EXPORT Value {
// that |double_value_| below is always located at an offset that is a
// multiple of 8, relative to the start of the overall data structure.
//
- // Each struct must declare its own |type_| and |is_alive_| field, which
- // must have a different name, to appease the C++ compiler.
+ // Each struct must declare its own |type_| field, which must have a different
+ // name, to appease the C++ compiler.
//
// Using this technique sizeof(base::Value) == 16 on 32-bit ARM instead
// of 24, without losing any information. Results are unchanged for x86,
@@ -419,24 +417,17 @@ class BASE_EXPORT Value {
// TODO(crbug.com/646113): Make these private once DictionaryValue and
// ListValue are properly inlined.
Type type_ : 8;
-
- // IsAlive member to debug double frees.
- // TODO(crbug.com/859477): Remove once root cause is found.
- uint16_t is_alive_ = kMagicIsAlive;
};
struct {
Type bool_type_ : 8;
- uint16_t bool_is_alive_;
bool bool_value_;
};
struct {
Type int_type_ : 8;
- uint16_t int_is_alive_;
int int_value_;
};
struct {
Type double_type_ : 8;
- uint16_t double_is_alive_;
// Subtle: On architectures that require it, the compiler will ensure
// that |double_value_|'s offset is a multiple of 8 (e.g. 32-bit ARM).
// See technical note above to understand why it is important.
@@ -444,22 +435,18 @@ class BASE_EXPORT Value {
};
struct {
Type string_type_ : 8;
- uint16_t string_is_alive_;
std::string string_value_;
};
struct {
Type binary_type_ : 8;
- uint16_t binary_is_alive_;
BlobStorage binary_value_;
};
struct {
Type dict_type_ : 8;
- uint16_t dict_is_alive_;
DictStorage dict_;
};
struct {
Type list_type_ : 8;
- uint16_t list_is_alive_;
ListStorage list_;
};
};
diff --git a/base/values_unittest.cc b/base/values_unittest.cc
index 0a641bcc7ef4..b23fd8332491 100644
--- a/base/values_unittest.cc
+++ b/base/values_unittest.cc
@@ -20,17 +20,20 @@
#include "base/strings/string16.h"
#include "base/strings/string_piece.h"
#include "base/strings/utf_string_conversions.h"
+#include "build/build_config.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace base {
+// Test is currently incorrect on Windows x86.
+#if !defined(OS_WIN) || !defined(ARCH_CPU_X86)
TEST(ValuesTest, SizeOfValue) {
// Ensure that base::Value is as small as possible, i.e. that there is
// no wasted space after the inner value due to alignment constraints.
- // Distinguish between the 'header' that includes |type_| and |is_alive_|
- // and the inner value that follows it, which can be a bool, int, double,
- // string, blob, list or dict.
+ // Distinguish between the 'header' that includes |type_| and and the inner
+ // value that follows it, which can be a bool, int, double, string, blob, list
+ // or dict.
#define INNER_TYPES_LIST(X) \
X(bool, bool_value_) \
X(int, int_value_) \
@@ -61,6 +64,7 @@ TEST(ValuesTest, SizeOfValue) {
LOG(INFO) << "max_inner_struct_limit=" << max_inner_struct_limit;
}
}
+#endif
TEST(ValuesTest, TestNothrow) {
static_assert(std::is_nothrow_move_constructible<Value>::value,
diff --git a/chrome/browser/ui/cocoa/applescript/apple_event_util.mm b/chrome/browser/ui/cocoa/applescript/apple_event_util.mm
index 16d685607ced..25a59338ee73 100644
--- a/chrome/browser/ui/cocoa/applescript/apple_event_util.mm
+++ b/chrome/browser/ui/cocoa/applescript/apple_event_util.mm
@@ -96,6 +96,16 @@ NSAppleEventDescriptor* ValueToAppleEventDescriptor(const base::Value* value) {
}
break;
}
+
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case base::Value::Type::DEAD:
+ CHECK(false);
+ break;
+
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ default:
+ CHECK(false);
+ break;
}
return descriptor;
diff --git a/chromeos/network/onc/variable_expander.cc b/chromeos/network/onc/variable_expander.cc
index fd72752c2aa6..cd5bbb238eb3 100644
--- a/chromeos/network/onc/variable_expander.cc
+++ b/chromeos/network/onc/variable_expander.cc
@@ -145,6 +145,12 @@ bool VariableExpander::ExpandValue(base::Value* value) const {
// Nothing to do here.
break;
}
+
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case base::Value::Type::DEAD: {
+ CHECK(false);
+ break;
+ }
}
return no_error;
}
diff --git a/components/policy/core/browser/android/policy_converter.cc b/components/policy/core/browser/android/policy_converter.cc
index b711a64febc9..9d41ad0d1507 100644
--- a/components/policy/core/browser/android/policy_converter.cc
+++ b/components/policy/core/browser/android/policy_converter.cc
@@ -175,10 +175,17 @@ std::unique_ptr<base::Value> PolicyConverter::ConvertValueToSchema(
}
return value;
}
+
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case base::Value::Type::DEAD: {
+ CHECK(false);
+ return nullptr;
+ }
}
- NOTREACHED();
- return std::unique_ptr<base::Value>();
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
+ return nullptr;
}
void PolicyConverter::SetPolicyValue(const std::string& key,
diff --git a/components/policy/core/common/policy_loader_win_unittest.cc b/components/policy/core/common/policy_loader_win_unittest.cc
index 311e7fb122fc..0377307c5e28 100644
--- a/components/policy/core/common/policy_loader_win_unittest.cc
+++ b/components/policy/core/common/policy_loader_win_unittest.cc
@@ -133,8 +133,14 @@ bool InstallValue(const base::Value& value,
case base::Value::Type::BINARY:
return false;
+
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case base::Value::Type::DEAD:
+ CHECK(false);
+ return false;
}
- NOTREACHED();
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
return false;
}
diff --git a/components/policy/core/common/policy_test_utils.cc b/components/policy/core/common/policy_test_utils.cc
index 5af98b47275c..919f004153ec 100644
--- a/components/policy/core/common/policy_test_utils.cc
+++ b/components/policy/core/common/policy_test_utils.cc
@@ -137,6 +137,11 @@ CFPropertyListRef ValueToProperty(const base::Value& value) {
// because there's no equivalent JSON type, and policy values can only
// take valid JSON values.
break;
+
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case base::Value::Type::DEAD:
+ CHECK(false);
+ break;
}
return NULL;
diff --git a/components/policy/core/common/registry_dict.cc b/components/policy/core/common/registry_dict.cc
index f3ed372bdcb3..696ba7e04abe 100644
--- a/components/policy/core/common/registry_dict.cc
+++ b/components/policy/core/common/registry_dict.cc
@@ -135,6 +135,10 @@ std::unique_ptr<base::Value> ConvertRegistryValue(const base::Value& value,
case base::Value::Type::BINARY:
// No conversion possible.
break;
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case base::Value::Type::DEAD:
+ CHECK(false);
+ return nullptr;
}
LOG(WARNING) << "Failed to convert " << value.type() << " to "
diff --git a/content/browser/android/java/gin_java_script_to_java_types_coercion.cc b/content/browser/android/java/gin_java_script_to_java_types_coercion.cc
index dabd66ba8c72..84fd5489a414 100644
--- a/content/browser/android/java/gin_java_script_to_java_types_coercion.cc
+++ b/content/browser/android/java/gin_java_script_to_java_types_coercion.cc
@@ -722,8 +722,14 @@ jvalue CoerceJavaScriptValueToJavaValue(JNIEnv* env,
case base::Value::Type::BINARY:
return CoerceGinJavaBridgeValueToJavaValue(
env, value, target_type, coerce_to_string, object_refs, error);
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case base::Value::Type::DEAD:
+ CHECK(false);
+ return jvalue();
}
- NOTREACHED();
+
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
return jvalue();
}
diff --git a/ipc/ipc_message_utils.cc b/ipc/ipc_message_utils.cc
index ec04c77c6c18..df6ec39bd663 100644
--- a/ipc/ipc_message_utils.cc
+++ b/ipc/ipc_message_utils.cc
@@ -92,7 +92,7 @@ void WriteValue(base::Pickle* m, const base::Value* value, int recursion) {
switch (value->type()) {
case base::Value::Type::NONE:
- break;
+ break;
case base::Value::Type::BOOLEAN: {
bool val;
result = value->GetAsBoolean(&val);
@@ -147,6 +147,11 @@ void WriteValue(base::Pickle* m, const base::Value* value, int recursion) {
}
break;
}
+
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ default:
+ CHECK(false);
+ break;
}
}
@@ -260,7 +265,9 @@ bool ReadValue(const base::Pickle* m,
break;
}
default:
- return false;
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ CHECK(false);
+ return false;
}
return true;
diff --git a/mojo/public/cpp/base/values_mojom_traits.h b/mojo/public/cpp/base/values_mojom_traits.h
index cdb9bbbd94df..66752b7c90d8 100644
--- a/mojo/public/cpp/base/values_mojom_traits.h
+++ b/mojo/public/cpp/base/values_mojom_traits.h
@@ -86,8 +86,13 @@ struct COMPONENT_EXPORT(MOJO_BASE_SHARED_TRAITS)
return mojo_base::mojom::ValueDataView::Tag::DICTIONARY_VALUE;
case base::Value::Type::LIST:
return mojo_base::mojom::ValueDataView::Tag::LIST_VALUE;
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case base::Value::Type::DEAD:
+ CHECK(false);
+ return mojo_base::mojom::ValueDataView::Tag::NULL_VALUE;
}
- NOTREACHED();
+ // TODO(crbug.com/859477): Revert to NOTREACHED() after root cause is found.
+ CHECK(false);
return mojo_base::mojom::ValueDataView::Tag::NULL_VALUE;
}
diff --git a/ppapi/shared_impl/private/ppb_x509_certificate_private_shared.cc b/ppapi/shared_impl/private/ppb_x509_certificate_private_shared.cc
index 6ffff36337e0..7f392d50f718 100644
--- a/ppapi/shared_impl/private/ppb_x509_certificate_private_shared.cc
+++ b/ppapi/shared_impl/private/ppb_x509_certificate_private_shared.cc
@@ -73,6 +73,8 @@ PP_Var PPB_X509Certificate_Fields::GetFieldAsPPVar(
}
case base::Value::Type::DICTIONARY:
case base::Value::Type::LIST:
+ // TODO(crbug.com/859477): Remove after root cause is found.
+ case base::Value::Type::DEAD:
// Not handled.
break;
}
--
2.21.0
|
GitWeb