diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-14 13:23:51 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-14 12:33:07 +0000 |
commit | 495b2ebcd9d3ea3ee5893dad4d66333862eda493 (patch) | |
tree | a73d862a5adcae3d951322482b2a413d77a386ac | |
parent | f0e6f7f8a392b14c602c987534d98c3626e60ac8 (diff) | |
download | qtwebengine-chromium-495b2ebcd9d3ea3ee5893dad4d66333862eda493.tar.gz |
[Backport] CVE-2019-13687
[Video Capture Manager] Convert pointers from Unretained to WeakPtr.
This CL replaces the usage of unretained pointers with weak pointers
in VideoCaptureManager.
This conversion is safe because all places where the pointers are saved
are on the IO thread as well as the place were the callbacks are then
executed (see line 326 and 348).
BUG=998548
(cherry picked from commit b740a6052b00ebeec4bdc3044a130aab0c64ab05)
Change-Id: I47bda798fa7bcbd66bf23682ee6c6dd26b5642c1
Reviewed-by: Guido Urdaneta <guidou@chromium.org>
Commit-Queue: Armando Miraglia <armax@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#694214}
Reviewed-by: Armando Miraglia <armax@chromium.org>
Cr-Commit-Position: refs/branch-heads/3865@{#801}
Cr-Branched-From: 0cdcc6158160790658d1f033d3db873603250124-refs/heads/master@{#681094}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
-rw-r--r-- | chromium/content/browser/renderer_host/media/video_capture_manager.cc | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/chromium/content/browser/renderer_host/media/video_capture_manager.cc b/chromium/content/browser/renderer_host/media/video_capture_manager.cc index 9af948a562e..caef5bf8b23 100644 --- a/chromium/content/browser/renderer_host/media/video_capture_manager.cc +++ b/chromium/content/browser/renderer_host/media/video_capture_manager.cc @@ -637,8 +637,7 @@ void VideoCaptureManager::GetPhotoState( media::VideoCaptureDevice::GetPhotoStateCallback callback) { DCHECK_CURRENTLY_ON(BrowserThread::IO); - const VideoCaptureController* controller = - LookupControllerBySessionId(session_id); + VideoCaptureController* controller = LookupControllerBySessionId(session_id); if (!controller) return; if (controller->IsDeviceAlive()) { @@ -649,7 +648,7 @@ void VideoCaptureManager::GetPhotoState( photo_request_queue_.emplace_back( session_id, base::Bind(&VideoCaptureController::GetPhotoState, - base::Unretained(controller), base::Passed(&callback))); + controller->GetWeakPtrForIOThread(), base::Passed(&callback))); } void VideoCaptureManager::SetPhotoOptions( @@ -668,7 +667,7 @@ void VideoCaptureManager::SetPhotoOptions( // Queue up a request for later. photo_request_queue_.emplace_back( session_id, base::Bind(&VideoCaptureController::SetPhotoOptions, - base::Unretained(controller), + controller->GetWeakPtrForIOThread(), base::Passed(&settings), base::Passed(&callback))); } @@ -694,7 +693,7 @@ void VideoCaptureManager::TakePhoto( photo_request_queue_.emplace_back( session_id, base::Bind(&VideoCaptureController::TakePhoto, - base::Unretained(controller), base::Passed(&callback))); + controller->GetWeakPtrForIOThread(), base::Passed(&callback))); } void VideoCaptureManager::OnOpened( |