diff options
| author | shrekshao <shrekshao@google.com> | 2020-03-16 18:25:33 +0000 |
|---|---|---|
| committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2020-03-24 08:37:49 +0000 |
| commit | c110d4f93dfd89bdddfbc5b2181bbc698db7f6d5 (patch) | |
| tree | d53b8db796a010cf1242fc0fb0a98f3a04a49fc5 | |
| parent | ab79f5394af02566115e5aa1d65046a4fd1225cb (diff) | |
| download | qtwebengine-chromium-c110d4f93dfd89bdddfbc5b2181bbc698db7f6d5.tar.gz | |
[Backport] CVE-2020-6422: Use after free in WebGL.
Manual backport of patch originally reviewed on:
https://chromium-review.googlesource.com/c/chromium/src/+/2053167
https://chromium-review.googlesource.com/c/chromium/src/+/2104990
Verify if the context is still available.
Resolve conflict manually with git-drover
Bug: 1051748
Change-Id: Ia0c96282b89510369e31b559a4234571c57b40ef
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| -rw-r--r-- | chromium/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/chromium/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc b/chromium/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc index 282a1c62ea3..58f2b2e14ae 100644 --- a/chromium/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc +++ b/chromium/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc @@ -7493,9 +7493,12 @@ void WebGLRenderingContextBase::PrintGLErrorToConsole(const String& message) { } void WebGLRenderingContextBase::PrintWarningToConsole(const String& message) { - Host()->GetTopExecutionContext()->AddConsoleMessage( + blink::ExecutionContext* context = Host()->GetTopExecutionContext(); + if (context && !context->IsContextDestroyed()) { + context->AddConsoleMessage( ConsoleMessage::Create(mojom::ConsoleMessageSource::kRendering, mojom::ConsoleMessageLevel::kWarning, message)); + } } bool WebGLRenderingContextBase::ValidateFramebufferFuncParameters( |