Skip to content

Commit

Permalink
fix: avoid contextBridge double free on garbage collection (#21736)
Browse files Browse the repository at this point in the history 
* fix: reset next/prev pointers for life-monitored nodes

* fix: don't double-delete nodes in a linked list

Co-authored-by: loc <andy@slack-corp.com>
  • Loading branch information
@trop @loc @MarshallOfSound
2 people authored and MarshallOfSound committed Jan 11, 2020
1 parent c56e5ab commit 704cdd3
Showing 1 changed file with 3 additions and 5 deletions.
8 changes: 3 additions & 5 deletions shell/renderer/api/context_bridge/render_frame_context_bridge_store.cc
View file
Expand Up @@ -47,9 +47,11 @@ class CachedProxyLifeMonitor final : public ObjectLifeMonitor {
}
if (node_->prev) {
node_->prev->next = node_->next;
node_->prev = nullptr;
}
if (node_->next) {
node_->next->prev = node_->prev;
node_->next = nullptr;
}
if (!node_->prev && !node_->next) {
// Must be a single length linked list
Expand All @@ -76,11 +78,7 @@ WeakGlobalPairNode::WeakGlobalPairNode(WeakGlobalPair pair) {
this->pair = std::move(pair);
}

WeakGlobalPairNode::~WeakGlobalPairNode() {
if (next) {
delete next;
}
}
WeakGlobalPairNode::~WeakGlobalPairNode() {}

RenderFramePersistenceStore::RenderFramePersistenceStore(
content::RenderFrame* render_frame)
Expand Down

0 comments on commit 704cdd3

Please sign in to comment.