author | Michael Brüning <michael.bruning@qt.io> | 2019-12-02 14:05:39 +0100 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2019-12-04 21:04:21 +0000 |
commit | e274a456ab5109712f6ba91e3b9410ab22a439fa (patch) | |
tree | 1880b4dad4b0d5fb41a8a80e8d469416f85f1e35 | |
parent | 4c5d12c41150ac34adae6095322f305fa65273eb (diff) | |
download | qtwebengine-chromium-e274a456ab5109712f6ba91e3b9410ab22a439fa.tar.gz |
[Backport] Fix for CVE-2019-5826
Fixed force close during pending connection open
During a force close of the database, the connections to that database
are iterated and force closed. The iteration method was not safe to
modification, and if there was a pending connection waiting to open,
that request would execute once all the other connections were
destroyed and create a new connection.
This change changes the iteration method to account for new connections
that are added during the iteration.
R=cmp@chromium.org
Bug: 941746
Change-Id: Idae4763a6249ece994eab485fbd40aa692a36052
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/content/browser/indexed_db/indexed_db_database.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/chromium/content/browser/indexed_db/indexed_db_database.cc b/chromium/content/browser/indexed_db/indexed_db_database.cc index 85b6f9d6911..8418828b211 100644 --- a/chromium/content/browser/indexed_db/indexed_db_database.cc +++ b/chromium/content/browser/indexed_db/indexed_db_database.cc @@ -2043,10 +2043,10 @@ void IndexedDBDatabase::DeleteDatabase( void IndexedDBDatabase::ForceClose() { // IndexedDBConnection::ForceClose() may delete this database, so hold ref. scoped_refptr<IndexedDBDatabase> protect(this); - auto it = connections_.begin(); - while (it != connections_.end()) { - IndexedDBConnection* connection = *it++; + while (!connections_.empty()) { + IndexedDBConnection* connection = *connections_.begin(); connection->ForceClose(); + connections_.erase(connection); } DCHECK(connections_.empty()); } |
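Review bot: In IndexedDBDatabase::ForceClose(), the trailing `DCHECK(connections_.empty());` is now implied by the `while (!connections_.empty())` exit condition, so it can no longer fail and verifies nothing; drop it or replace it with a check that still carries information. The new loop body also needs a short comment: it re-reads `*connections_.begin()` on every pass and calls `connections_.erase(connection);` after `connection->ForceClose();`, and the reason (the set can change while ForceClose() runs, including a pending open adding a new connection) appears only in the commit message, not at the code a later reader will see. Since the existing comment already warns that ForceClose() "may delete this database", it is worth stating there as well whether `connection` is still expected to be in the set at the point of the erase, because the pointer is used as the erase key after the call. The diffstat shows a single file changed, so no regression test for a force close with a pending connection open comes with this backport.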