Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 9bebe8549a36 from chromium #35884

Merged
merged 2 commits into from Oct 4, 2022
Merged

chore: cherry-pick 9bebe8549a36 from chromium #35884

merged 2 commits into from Oct 4, 2022

Conversation

nornagon
Copy link
Member

@nornagon nornagon commented Oct 3, 2022

[M106] Ensure iterator validity in CustomElementRegistry::DefineInternal()

Currently, this function first resolves a promise, and then erases an
iterator from a hash map, but the promise resolving may run synchronous
JavaScript that invalidates the iterator.

This patch switches the ordering so that we always use the iterator when
it's valid.

(cherry picked from commit ed87ab54b29898a96a87e8fd497425db32539350)

(cherry picked from commit b0bfc4334369bd1d44bc6507dfefc012afb7e12d)

Fixed: 1366813
Change-Id: Iaa6631db5f3ad47049f46ddf909f18a49e5880c0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3915346
Commit-Queue: Xiaocheng Hu xiaochengh@chromium.org
Reviewed-by: Joey Arhar jarhar@chromium.org
Cr-Original-Original-Commit-Position: refs/heads/main@{#1050816}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3922738
Commit-Queue: Joey Arhar jarhar@chromium.org
Auto-Submit: Xiaocheng Hu xiaochengh@chromium.org
Cr-Original-Commit-Position: refs/branch-heads/5304@{#203}
Cr-Original-Branched-From: 5d7b1fc9cb7103d9c82eed647cf4be38cf09738b-refs/heads/main@{#1047731}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3924290
Cr-Commit-Position: refs/branch-heads/5249@{#686}
Cr-Branched-From: 4f7bea5de862aaa52e6bde5920755a9ef9db120b-refs/heads/main@{#1036826}

Ref electron/security#223

Notes: Security: backported fix for CVE-2022-3370.

@nornagon nornagon requested review from a team as code owners October 3, 2022 22:47
@nornagon nornagon added 18-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes labels Oct 3, 2022
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Oct 3, 2022
@codebytere codebytere merged commit 96f838f into 18-x-y Oct 4, 2022
@codebytere codebytere deleted the cherry-pick/18-x-y/chromium/9bebe8549a36 branch October 4, 2022 13:48
@release-clerk
Copy link

release-clerk bot commented Oct 4, 2022

Release Notes Persisted

Security: backported fix for CVE-2022-3370.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codebytere codebytere codebytere approved these changes

Assignees
No one assigned
Labels
18-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@nornagon @codebytere