[settings] Fix UaF bug in Chrome Settings Import Dialog
Bug: 1302813
Change-Id: I38683a87b195341f444a9d5b2bcbd1444dcac29d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3802769
Reviewed-by: John Lee <johntlee@chromium.org>
Commit-Queue: John Lee <johntlee@chromium.org>
Auto-Submit: Tommy Li <tommycli@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1030585}
Tommy C. Li authored and Chromium LUCI CQ committed Aug 2, 2022
1 parent a8e0f70 commit 99db808
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions chrome/browser/ui/webui/settings/import_data_handler.cc
Expand Up @@ -72,9 +72,14 @@ void ImportDataHandler::OnJavascriptDisallowed() {
// Cancels outstanding profile list detections.
importer_list_.reset();

// Stops listening to updates from any ongoing imports.
if (importer_host_)
// When the WebUI is unloading, we ignore all further updates from the host.
// Because we're no longer listening to the `ImportEnded` callback, we must
// also clear our pointer, as otherwise this can lead to a use-after-free
// in the destructor. https://crbug.com/1302813.
if (importer_host_) {
importer_host_->set_observer(nullptr);
importer_host_ = nullptr;
}
}

void ImportDataHandler::StartImport(
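Review bot: the order of the two statements inside the new `if (importer_host_) {` block is load-bearing and is not explained by the comment above it: `importer_host_->set_observer(nullptr);` must run before `importer_host_ = nullptr;`, otherwise the host keeps a dangling observer pointer back to this handler while this handler forgets the host. A one-line comment on the ordering would stop a future reorder from silently reintroducing the bug. Also worth noting in review: the fix keeps `importer_host_` as a raw pointer that must be nulled by hand on every path that stops observing, so any other early-exit path that only detaches the observer (as the removed `if (importer_host_)` / `set_observer(nullptr)` pair did) would recreate the same use-after-free in the destructor; a weak or owning reference would make that class of mistake structurally impossible.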
