commit | 9da6b6453c6f2e83755251473b06d39627471a8c | [log] [tgz] |
---|---|---|
author | Toni Barzic <tbarzic@chromium.org> | Tue May 10 00:00:26 2022 |
committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Tue May 10 00:00:26 2022 |
tree | eb9af353d0576bb121f364f7055b71d6d372bd6f | |
parent | f7aa7636b221fe0d2007559695b55bd0fedf3820 [diff] |
Speculative fix for UAF in video recording watcher VideoRecordingWatcher schedules a timer to handle window size changes whenever recorded window size changes. When fired the timer callback tries to get size from the recorded window, assuming that it's safe to access the recorded window while video recording watcher is in scope. The video recording watcher observes the recorded window, and ends video recording when the recoded window gets deleted (which ends up calling VideoRecordingWatcher::Shutdown()), but this does not delete the video recording object immediately, so the window size change timer may outlive the recorded window. This CL stops the window size change throttle timer when the video recording watcher is shutdown. BUG=1323553 Change-Id: If374e44fe813eaa770a8d08aaa811fa2ce18da08 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3636561 Reviewed-by: Ahmed Fakhry <afakhry@chromium.org> Commit-Queue: Toni Barzic <tbarzic@chromium.org> Cr-Commit-Position: refs/heads/main@{#1001254}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone
! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.