commit | 8ae1a64b43f15976289c2f06b1ce4767b27338ea | |
---|---|---|
author | Daniel Murphy <dmurph@chromium.org> | Fri May 24 00:56:59 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Fri May 24 00:56:59 2019 |
tree | a22022c2f03cbd1dfbf3b782aeb3af1fd57336b1 | |
parent | b664d7326452786b3168f34d21ce24cbd3065dc6 | |
[IndexedDB] Fix request reentry in IndexedDBDatabase

During ForceClose, a closing connection could cause the active request to 'complete', triggering the rest of the requests to execute. Since the connections are cleared after-the-fact in ForceClose(), this caused a UAF.

Instead of having specialized weakptr factories here, this change creates a |force_closing_| variable which is set in ForceClose(), which is used to ensure reentry doesn't occur.

R: pwnall@chromium.org
Bug: 966557
Change-Id: Iaaf678853431c35299dc9289b505fdf66c19a88e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1627707
Commit-Queue: Daniel Murphy <dmurph@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#662926}
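The reentry the commit message describes, and the effect of a `force_closing_`-style flag, reduced to a small C++ model. This is an added example, not Chromium's code: `Database`, `Connection`, `use_guard_` and `RequestsRunDuringForceClose` are hypothetical names, and the model counts requests that run during teardown instead of touching freed memory.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Simplified model; all class and member names are hypothetical, not Chromium's.
class Database;
struct Connection { Database* db; void Close(); };
class Database {
 public:
  explicit Database(bool use_guard) : use_guard_(use_guard) {}
  void Open() { connections_.push_back(std::make_unique<Connection>(Connection{this})); }
  void Enqueue(std::function<void()> r) { pending_.push_back(std::move(r)); }
  // A closing connection lets the active request "complete", which then
  // drains the rest of the queue.
  void ConnectionClosed() {
    if (use_guard_ && force_closing_) return;  // reentrancy guard
    while (!pending_.empty()) {
      auto request = std::move(pending_.front());
      pending_.pop_front();
      if (force_closing_) ++ran_during_teardown_;  // executed mid-teardown
      request();
    }
  }
  void ForceClose() {
    force_closing_ = true;
    for (auto& c : connections_) c->Close();  // may reenter ConnectionClosed()
    connections_.clear();  // connections are only cleared after the loop
    pending_.clear();
    force_closing_ = false;
  }
  int ran_during_teardown() const { return ran_during_teardown_; }
 private:
  bool use_guard_;
  bool force_closing_ = false;
  int ran_during_teardown_ = 0;
  std::vector<std::unique_ptr<Connection>> connections_;
  std::deque<std::function<void()>> pending_;
};
void Connection::Close() { db->ConnectionClosed(); }

// Number of requests that executed while ForceClose() was still tearing down.
int RequestsRunDuringForceClose(bool use_guard) {
  Database db(use_guard);
  db.Open(); db.Open(); db.Enqueue([] {}); db.Enqueue([] {});
  db.ForceClose();
  return db.ran_during_teardown();
}
```

Without the flag check, both queued requests run from inside the close loop, before the connections are cleared; with it, none do.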