author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-14 11:51:52 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-14 11:52:37 +0000 |
commit | 00d9e1e3be09a80f9c03302f86b77a9d849a822f (patch) | |
tree | debf3a2d7d0e409e37f342e3f3b9138eb25d7acd /chromium/third_party/blink/renderer/modules/filesystem/file_system_dispatcher.cc | |
parent | 1f07ca687b1a2aafce41e96dbf9e0ad7aa48d525 (diff) | |
download | qtwebengine-chromium-00d9e1e3be09a80f9c03302f86b77a9d849a822f.tar.gz |
[Backport] CVE-2019-5872
Close FileSystemOperationListener bindings on PreFinalizer
This is a speculative CL to the UAP observed on crbug.com/c/981492.
It basically early-closes FileSystemDispatcher's mojo bindings manually,
a common for Blink's GC objects that own mojo bindings.
BUG=981492
R=haraken@chromium.org, mek@chromium.org
TBR=tonikitoo@igalia.com
(cherry picked from commit cfd44efa92afda3eb1944ae2f862bd444553a78c)
Change-Id: I0ffff4798532df5dda1ee74e4bbe8a887b5c68ee
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Auto-Submit: Antonio Gomes <tonikitoo@igalia.com>
Cr-Original-Commit-Position: refs/heads/master@{#685700}
Reviewed-by: Antonio Gomes <tonikitoo@igalia.com>
Cr-Commit-Position: refs/branch-heads/3865@{#606}
Cr-Branched-From: 0cdcc6158160790658d1f033d3db873603250124-refs/heads/master@{#681094}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium/third_party/blink/renderer/modules/filesystem/file_system_dispatcher.cc')
-rw-r--r-- | chromium/third_party/blink/renderer/modules/filesystem/file_system_dispatcher.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/chromium/third_party/blink/renderer/modules/filesystem/file_system_dispatcher.cc b/chromium/third_party/blink/renderer/modules/filesystem/file_system_dispatcher.cc index 91de230246c..a2841d1f646 100644 --- a/chromium/third_party/blink/renderer/modules/filesystem/file_system_dispatcher.cc +++ b/chromium/third_party/blink/renderer/modules/filesystem/file_system_dispatcher.cc @@ -585,4 +585,8 @@ void FileSystemDispatcher::RemoveOperationPtr(int operation_id) { cancellable_operations_.erase(operation_id); } +void FileSystemDispatcher::Prefinalize() { + op_listeners_.CloseAllBindings(); +} + } // namespace blink |
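Review bot: `Prefinalize()` only has an effect if the class registers it as a pre-finalizer, and this view is limited to file_system_dispatcher.cc, so the declaration and registration are not visible here; please confirm they are part of the same change, otherwise `op_listeners_.CloseAllBindings();` is never reached. The new function closes only `op_listeners_`, while the context line just above it shows `cancellable_operations_` as a second per-operation container; it is worth stating whether its entries can still deliver messages once the dispatcher is being finalized, or why they cannot. Since the commit message describes the fix as speculative, a short comment above `Prefinalize()` saying why the bindings are closed early, with the bug number, would help the next reader.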