chore: cherry-pick e2123a8e0943 from chromium #30452
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
StevenEBarbaro
added
13-x-y
backport-check-skip
electron-cation
bot
added
new-pr 🌱
codebytere
approved these changes
Aug 9, 2021
|
Release Notes Persisted
|
|
/trop run |
|
/trop run backport |
|
The backport process for this PR has been manually initiated - here we go! :D |
|
I have automatically backported this PR to "11-x-y", please check out #30579 |
|
I have automatically backported this PR to "12-x-y", please check out #30580 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Manually post task to bind FileUtilitiesHost.
The FileUtilitiesHost binder is posted to a separate sequence, and the
ServiceWorkerHost may be destroyed by the time the it runs, causing a
UAF.
This CL changes it so that, when we try to bind a new receiver, the
host's worker_process_id() is obtained first (on the service worker's
core thread) and then a task is posted to do the actual binding on a
USER_VISIBLE task runner.
Credit: This issue was first reported (with analysis) by
soulchen8650@gmail.com.
Bug: 1229298
Change-Id: I6d5c05a830ba30f6cb98bf2df70a3df3333f3dd9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041006
Reviewed-by: Kinuko Yasuda kinuko@chromium.org
Reviewed-by: Kouhei Ueno kouhei@chromium.org
Commit-Queue: Tal Pressman talp@google.com
Cr-Commit-Position: refs/heads/master@{#903832}
Notes: Security: backported fix for 1229298.