Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: cherry-pick 4c57222340cf from chromium #23009

merged 6 commits into from Apr 9, 2020


Copy link

@nornagon nornagon commented Apr 8, 2020

Make finished_source_handlers_ hold scoped_refptrs

Previously, finished_source_handlers_ held raw pointers to
AudioHandlers and assumed that active_source_handlers_ also had a
copy. But when the context goes away, active_source_handlers_ would
be cleared, but not finished_source_handlers_, leaving pointers to
deleted objects.

So do two things:

  1. Change finished_source_handlers_ to hold scoped_refptrs to manage
    lifetime of the objects
  2. Clear finished_source_handler_ in ClearHandlersToBeDeleted()

Either of these fix the repro case, but let's do both. Don't want to
leaving dangling objects.

Manually tested the repro case which no longer reproduces.

Bug: 1059686
Change-Id: I2f30c996e8589fa5c3890d32500c4bb4f3bc4286
Reviewed-by: Hongchan Choi
Commit-Queue: Raymond Toy
Cr-Commit-Position: refs/heads/master@{#749302}

Notes: Security: backported fix for CVE-2020-6449: Use after free in audio.

Copy link

@deepak1556 deepak1556 commented Apr 9, 2020

Build needs to be fixed.

Copy link
Member Author

@nornagon nornagon commented Apr 9, 2020

Should wait for #23013

ppontes approved these changes Apr 9, 2020
@nornagon nornagon merged commit 9c92d87 into 7-2-x Apr 9, 2020
15 of 16 checks passed
Copy link

@release-clerk release-clerk bot commented Apr 9, 2020

Release Notes Persisted

Security: backported fix for CVE-2020-6449: Use after free in audio.

@nornagon nornagon deleted the cherry-pick/7-2-x/chromium/4c57222340cf branch Apr 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants