commit | 6cba1182f548fdf914119f071f7138a5c0efb036 | [log] [tgz] |
---|---|---|
author | Daniel Murphy <dmurph@chromium.org> | Sat May 25 00:28:58 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Sat May 25 00:28:58 2019 |
tree | 7a527b83ad77c68d91edff120b43e1e946d589c9 | |
parent | 3a61e7f37785492a286a694c544de2a964907c0b [diff] |
[IndexedDB] Fix RequestComplete() reentry UAF Destroying an ConnectionRequest can cause the IndexedDBDatabase to destruct through ConnectionClosed(). This can cause a UAF in RequestComplete(). This change creates a WeakPtr there that can be checked before continuing. R=pwnall@chromium.org Bug: 966762 Change-Id: Ieda327d36390d6941771475725415e2ae65f336d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1629171 Commit-Queue: Daniel Murphy <dmurph@chromium.org> Reviewed-by: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#663344}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .