delta/qt5/qtwebengine-chromium.git - code.qt.io: qt/qtwebengine-chromium.git

diff options

author	Keren Zhu <kerenzhu@chromium.org>	2023-04-21 00:52:29 +0000
committer	Michael Brüning <michael.bruning@qt.io>	2023-05-05 07:36:52 +0000
commit	49fb5fe113f79575614e5dd183e05222c7749c75 (patch)
tree	6dc877c9a14a290a10d31bf948fba867da9f6686 /chromium/third_party/libxml/src/include/private/io.h
parent	ee4c320e13f0f364ddda2d6c9ceac8292aa344d7 (diff)
download	qtwebengine-chromium-49fb5fe113f79575614e5dd183e05222c7749c75.tar.gz

[Backport] Security bug 1423360

Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4455016: Fix ScopedObservation UaF in BubbleDialogDelegate::AnchorWidgetObserver A ScopedObservation can outlive the aura::Window it observes, leading to a use-after-free error in ~ScopedObservation(). The problem occurs in BubbleDialogDelegate::AnchorWidgetObserver. This fix listens for OnWindowDestroying() and resets the observation to prevent the UaF. Bug: 1423360 Change-Id: I742b4624b2664dea3fd97db7b399fcd15e45c8fe Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4455016 Code-Coverage: Findit <findit-for-me@appspot.gserviceaccount.com> Reviewed-by: Elly Fong-Jones <ellyjones@chromium.org> Commit-Queue: Keren Zhu <kerenzhu@chromium.org> Cr-Commit-Position: refs/heads/main@{#1133511} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/475992 Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Diffstat (limited to 'chromium/third_party/libxml/src/include/private/io.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: