delta/qt5/qtwebengine-chromium.git - code.qt.io: qt/qtwebengine-chromium.git

diff options

author	Hongchan Choi <hongchan@chromium.org>	2020-01-18 00:24:38 +0000
committer	Michael Brüning <michael.bruning@qt.io>	2020-03-06 12:02:56 +0000
commit	feeaf8ecd52e7a1fd95ebf989db58e4bc2253390 (patch)
tree	66750bf042695222677e2a501c3ca2b9f0931028 /chromium/content/public/browser/devtools_agent_host_client.cc
parent	b6fde543e118f3056b6bdca1c5ae6f36afbf8be2 (diff)
download	qtwebengine-chromium-feeaf8ecd52e7a1fd95ebf989db58e4bc2253390.tar.gz

[Backport] CVE-2020-6406 - Use after free in audio

Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/2003564 https://chromium-review.googlesource.com/c/chromium/src/+/2008320: Add a graph lock in PannerHandler::SetPanningModel() We need the graph lock to secure the panner backend because BaseAudioContext::Handle{Pre,Post}RenderTasks() from the audio thread can touch it. (cherry picked from commit 00962dd2d61776b03be93557683d8a301e4bb572) Test: ran two repro cases from the report over 1 hour and TSAN survived. Bug: 1042254 Change-Id: Ie768f00455198ebd4aa376f85da4fa4a66366061 Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

Diffstat (limited to 'chromium/content/public/browser/devtools_agent_host_client.cc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: