commit | 9d94b873ccbccb13a47aa229969e48a7ffb0a27d | |
---|---|---|
author | Daniel Murphy <dmurph@chromium.org> | Wed Jun 12 02:06:25 2019 |
committer | Victor Costan <pwnall@chromium.org> | Wed Jun 12 02:06:25 2019 |
tree | 073bea106f4496f2b9c9f91b715f7debdf41cf00 | |
parent | 03b385baa4f47efd1517bd5950d1c8170d25603b | |

[IndexedDB] Avoiding UAF in IndexedDBConnection list

The IndexedDBDatabase's connection() list can be modified during a call to FinishAllTransactions. The AbortAllTransactions method didn't protect against this, so there was a potential UAF. This patch fixes that.

(cherry picked from commit 6be08e8acbe5eaed18a0b9abeb395de5afa2f1aa)

Bug: 969083
Change-Id: I590e3a6c4f978ee6e582394208fb70cbdd9e5347
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1641625
Commit-Queue: Daniel Murphy <dmurph@chromium.org>
Auto-Submit: Daniel Murphy <dmurph@chromium.org>
Reviewed-by: Chase Phillips <cmp@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#666381}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1654510
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/branch-heads/3809@{#245}
Cr-Branched-From: d82dec1a818f378c464ba307ddd9c92133eac355-refs/heads/master@{#665002}

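
The bug class named in the commit message (a connection list that changes while it is being iterated), as an added C++ illustration that is not the patch's code or Chromium's. `Connection`, `Database`, `on_finish` and `Demo` are hypothetical stand-ins, and the weak-reference snapshot is one common guard, assumed here rather than taken from the commit.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-ins, not Chromium's IndexedDB classes.
struct Connection {
  std::function<void()> on_finish;  // may re-enter the owning Database
  void FinishAllTransactions() { if (on_finish) on_finish(); }
};

class Database {
 public:
  Connection* Open() {
    connections_.push_back(std::make_shared<Connection>());
    return connections_.back().get();
  }
  void Close(const Connection* c) {  // drops the list's owning reference
    connections_.erase(
        std::remove_if(connections_.begin(), connections_.end(),
                       [c](const auto& p) { return p.get() == c; }),
        connections_.end());
  }
  // Unsafe: `for (auto& c : connections_) c->FinishAllTransactions();` since a
  // callback calling Close() invalidates the iterators and frees entries.
  // Hardened: walk a weak-reference snapshot, skip entries already destroyed.
  int AbortAllTransactions() {
    std::vector<std::weak_ptr<Connection>> snapshot(connections_.begin(),
                                                    connections_.end());
    int finished = 0;
    for (const auto& weak : snapshot) {
      auto conn = weak.lock();  // keeps the connection alive for this step
      if (!conn) continue;      // closed and destroyed by an earlier callback
      conn->FinishAllTransactions();
      ++finished;
    }
    return finished;
  }
 private:
  std::vector<std::shared_ptr<Connection>> connections_;
};

int Demo() {  // constructed scenario: finishing `a` closes `b` mid-iteration
  Database db;
  Connection* a = db.Open();
  Connection* b = db.Open();
  db.Open();
  a->on_finish = [&db, b] { db.Close(b); };
  return db.AbortAllTransactions();  // `b` is skipped, never dereferenced
}
```
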
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.