diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-08-31 12:14:12 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-08-31 10:33:19 +0000 |
commit | 2b707f254864f9fdfbe68527f01fa9aad016c431 (patch) | |
tree | 97d2d57c3b985e46f7f6e8ea06b687b480bbcdd1 | |
parent | e31cc67a44d8af96578680f51d2a7b2f4a5b1279 (diff) | |
download | qtwebengine-chromium-2b707f254864f9fdfbe68527f01fa9aad016c431.tar.gz |
[Backport] CVE-2020-6559: Use after free in presentation API
[Presentation API] Fix use-after-free.
This fixes a potential UAF in PresentationConnectionCallbacks::OnSuccess.
TBR=mlamouri@chromium.org
(cherry picked from commit 42a17e378ad7efbf57d47f3a7612d7c7cf95a907)
Bug: 1116706
Change-Id: I25fc55edf968f41bfedecbeb2054a5eae56d0de7
Reviewed-by: Mounir Lamouri <mlamouri@chromium.org>
Commit-Queue: mark a. foltz <mfoltz@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#799342}
Reviewed-by: mark a. foltz <mfoltz@chromium.org>
Cr-Commit-Position: refs/branch-heads/4183@{#1636}
Cr-Branched-From: 740e9e8a40505392ba5c8e022a8024b3d018ca65-refs/heads/master@{#782793}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/third_party/blink/renderer/modules/presentation/presentation_connection_callbacks.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/chromium/third_party/blink/renderer/modules/presentation/presentation_connection_callbacks.cc b/chromium/third_party/blink/renderer/modules/presentation/presentation_connection_callbacks.cc index aed6db7826f..b19f398e3a5 100644 --- a/chromium/third_party/blink/renderer/modules/presentation/presentation_connection_callbacks.cc +++ b/chromium/third_party/blink/renderer/modules/presentation/presentation_connection_callbacks.cc @@ -64,9 +64,10 @@ void PresentationConnectionCallbacks::OnSuccess( resolver_.Get(), presentation_info, request_); } - resolver_->Resolve(connection_); connection_->Init(std::move(connection_remote), std::move(connection_receiver)); + + resolver_->Resolve(connection_); } void PresentationConnectionCallbacks::OnError( |