Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix OOB in OnBluetoothScanningPromptEvent
This changes fixes an OOB access that may occur in WebBluetoothServiceImpl::OnBluetoothScanningPromptEvent(). The method assumes that |scanning_clients_| will be populated when the method is called, however it can be cleared if a Mojo connection error is triggered. The method now returns if |scanning_clients_| is empty, and it uses the back() and pop() methods of vector to further prevent accidental OOB access. Additionally, in BluetoothDeviceScanningPromptController, the EventHandler binding is updated so that the lifetime of the class is associated with the binding. (cherry picked from commit 405c014) Bug: 1024116 Change-Id: I2008f7bc1ce65be1d94d39370ac8593f5ff418e8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1916686 Commit-Queue: Ovidio de Jesús Ruiz-Henríquez <odejesush@chromium.org> Reviewed-by: Reilly Grant <reillyg@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#715472} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1918661 Reviewed-by: Krishna Govind <govind@chromium.org> Cr-Commit-Position: refs/branch-heads/3966@{#6} Cr-Branched-From: 71c035f-refs/heads/master@{#714552}
- Loading branch information