author | Liquan (Max) Gu <maxlg@chromium.org> | 2022-01-10 21:24:28 +0000 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2022-02-18 01:17:02 +0000 |
commit | 04185ae61ababb3043d5467536b8747db68f6906 (patch) | |
tree | 1ace7dc6aad4e08b5c9ebf466a8d6af79a6e0b17 | |
parent | 2b6b5a2a8d32b20c687bbac974f70bc46cc82934 (diff) | |
download | qtwebengine-chromium-04185ae61ababb3043d5467536b8747db68f6906.tar.gz |
[Backport] CVE-2022-0468: Use after free in Payments (2/2)
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3378182:
Not to send Payment apps for permission check when service worker errors
Before the change, when a payment app was being registered while the
window was shutting down, the payment apps would still be sent for
permission checks, causing a crash.
After the change, in the same situation, the payment apps would not be
sent for permission checks.
Bug: 1252716
Change-Id: I9f0f80eadfdc598ee5f1c6e41fd56975b32df2a0
Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
Commit-Queue: Liquan (Max) Gu <maxlg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#957248}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/content/browser/payments/payment_app_database.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/content/browser/payments/payment_app_database.cc b/chromium/content/browser/payments/payment_app_database.cc index fb108835b26..2a597b57916 100644 --- a/chromium/content/browser/payments/payment_app_database.cc +++ b/chromium/content/browser/payments/payment_app_database.cc @@ -695,7 +695,7 @@ void PaymentAppDatabase::DidReadAllPaymentInstruments( blink::ServiceWorkerStatusCode status) { DCHECK_CURRENTLY_ON(ServiceWorkerContext::GetCoreThreadId()); if (status != blink::ServiceWorkerStatusCode::kOk) { - std::move(callback).Run(std::move(apps)); + std::move(callback).Run(PaymentApps()); return; } |
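Review bot: the error branch of DidReadAllPaymentInstruments (the `status != blink::ServiceWorkerStatusCode::kOk` check) now hands the callback an empty `PaymentApps()` but carries no comment saying why the entries already collected in `apps` are dropped. A one-line comment at that branch, stating that apps must not be forwarded for permission checks when the service worker read fails, would keep a later cleanup from restoring `std::move(apps)`. The diffstat also lists only payment_app_database.cc, so no regression test accompanies the change; a test that invokes this callback with a non-kOk status and asserts that the callback receives an empty set would pin the behaviour down.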