@nornagon
Contributor

@nornagon nornagon commented Apr 8, 2020

Make finished_source_handlers_ hold scoped_refptrs

Previously, finished_source_handlers_ held raw pointers to
AudioHandlers and assumed that active_source_handlers_ also had a
copy. But when the context goes away, active_source_handlers_ would
be cleared, but not finished_source_handlers_, leaving pointers to
deleted objects.

So do two things:

  1. Change finished_source_handlers_ to hold scoped_refptrs to manage
    lifetime of the objects
  2. Clear finished_source_handler_ in ClearHandlersToBeDeleted()

Either of these fixes the repro case, but let's do both. Don't want to
leave dangling objects.

Manually tested the repro case which no longer reproduces.

Bug: 1059686
Change-Id: I2f30c996e8589fa5c3890d32500c4bb4f3bc4286
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2098260
Reviewed-by: Hongchan Choi <hongchan@chromium.org>
Commit-Queue: Raymond Toy <rtoy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#749302}

Notes: Security: backported fix for CVE-2020-6449: Use after free in audio.
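
The lifetime problem described in the commit message above, as an added example that is not part of the PR or of Chromium's code. `Handler`, `Record` and `RunTeardown` are hypothetical names, and `std::shared_ptr` stands in for `scoped_refptr`; a live-instance counter detects stale entries so nothing freed is ever dereferenced.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical stand-in for an AudioHandler; counts live instances so the demo
// can observe destruction without ever dereferencing a stale pointer.
struct Handler {
  static int live;
  Handler() { ++live; }
  ~Handler() { --live; }
};
int Handler::live = 0;
using Owned = std::shared_ptr<Handler>;  // assumption: stand-in for scoped_refptr

// How the finished list records a handler: borrowed raw pointer or owning ref.
void Record(const Owned& h, Handler*& out) { out = h.get(); }
void Record(const Owned& h, Owned& out) { out = h; }

struct Result {
  std::size_t finished_entries;  // entries left in the finished list
  int live_handlers;             // handlers still allocated after teardown
  std::size_t dangling;          // finished entries whose handler is gone
};

// Start three handlers, mark all of them finished, then tear the context down.
// clear_finished models clearing the finished list in ClearHandlersToBeDeleted().
template <typename FinishedPtr>
Result RunTeardown(bool clear_finished) {
  std::vector<Owned> active;
  std::vector<FinishedPtr> finished;
  for (int i = 0; i < 3; ++i) active.push_back(std::make_shared<Handler>());
  for (const Owned& h : active) {
    FinishedPtr p{};
    Record(h, p);
    finished.push_back(p);
  }
  active.clear();  // context goes away: the active list drops its references
  if (clear_finished) finished.clear();
  std::size_t alive = static_cast<std::size_t>(Handler::live);
  return Result{finished.size(), Handler::live, finished.size() - alive};
}

int main() {
  Result raw = RunTeardown<Handler*>(false);
  Result ref = RunTeardown<Owned>(false);
  std::printf("raw list: %zu dangling; owning list: %zu dangling, %d alive\n",
              raw.dangling, ref.dangling, ref.live_handlers);
}
```

With raw pointers and no clearing, all three finished entries outlive their handlers; either change alone removes the dangling entries, and doing both also releases the handlers at teardown.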

@nornagon nornagon requested a review from a team as a code owner April 8, 2020 00:36
@nornagon nornagon added 7-2-x backport-check-skip Skip trop's backport validity checking labels Apr 8, 2020
@electron-cation electron-cation bot added new-pr 🌱 PR opened recently and removed new-pr 🌱 PR opened recently labels Apr 8, 2020
@deepak1556
Member

Build needs to be fixed.

@nornagon
Contributor Author

nornagon commented Apr 9, 2020

Should wait for #23013

@nornagon nornagon merged commit 9c92d87 into 7-2-x Apr 9, 2020
@release-clerk

release-clerk bot commented Apr 9, 2020

Release Notes Persisted

Security: backported fix for CVE-2020-6449: Use after free in audio.

@nornagon nornagon deleted the cherry-pick/7-2-x/chromium/4c57222340cf branch April 9, 2020 22:56