author: Keren Zhu <kerenzhu@chromium.org> 2023-04-21 00:52:29 +0000
committer: Michael Brüning <michael.bruning@qt.io> 2023-05-05 07:36:52 +0000
commit: 49fb5fe113f79575614e5dd183e05222c7749c75 (patch)
tree: 6dc877c9a14a290a10d31bf948fba867da9f6686 /chromium/third_party/libxml/src/include/private/io.h
parent: ee4c320e13f0f364ddda2d6c9ceac8292aa344d7 (diff)
download: qtwebengine-chromium-49fb5fe113f79575614e5dd183e05222c7749c75.tar.gz

[Backport] Security bug 1423360

Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4455016:

Fix ScopedObservation UaF in BubbleDialogDelegate::AnchorWidgetObserver

A ScopedObservation can outlive the aura::Window it observes, leading
to a use-after-free error in ~ScopedObservation(). The problem occurs
in BubbleDialogDelegate::AnchorWidgetObserver. This fix listens for
OnWindowDestroying() and resets the observation to prevent the UaF.

Bug: 1423360
Change-Id: I742b4624b2664dea3fd97db7b399fcd15e45c8fe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4455016
Code-Coverage: Findit <findit-for-me@appspot.gserviceaccount.com>
Reviewed-by: Elly Fong-Jones <ellyjones@chromium.org>
Commit-Queue: Keren Zhu <kerenzhu@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1133511}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/475992
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Diffstat (limited to 'chromium/third_party/libxml/src/include/private/io.h')
0 files changed, 0 insertions, 0 deletions