Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 8731bd8a30f6 from chromium #37657

Merged
merged 3 commits into from
Mar 23, 2023
Merged

chore: cherry-pick 8731bd8a30f6 from chromium #37657

merged 3 commits into from
Mar 23, 2023

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Mar 22, 2023

[M110] Use optional SafeRef to save RenderFrameHost in NavigationRequest

This prevents use-after-free if NavigationRequests somehow still
points to an already-deleted RFH, which is currently possible (see bug).

Also converts usages of render_frame_host_ to use the
GetRenderFrameHost() function to ensure that they are all called after
the final RenderFrameHost is picked for the navigation.

(cherry picked from commit 7b75ae34df6d15acf4e5a45f12c9dca4ce7f2586)

Bug: 1416916
Change-Id: I45569e7bb1f160158dc3139fc9e49d7d6bb56738
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4278923
Reviewed-by: Hiroki Nakagawa nhiroki@chromium.org
Commit-Queue: Rakina Zata Amni rakina@chromium.org
Reviewed-by: Alex Moshchuk alexmos@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1112656}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4308070
Reviewed-by: Charlie Reis creis@chromium.org
Commit-Queue: Alex Moshchuk alexmos@chromium.org
Cr-Commit-Position: refs/branch-heads/5481@{#1322}
Cr-Branched-From: 130f3e4d850f4bc7387cfb8d08aa993d288a67a9-refs/heads/main@{#1084008}

Notes: Security: backported fix for 1416916.

@ppontes ppontes requested a review from a team as a code owner March 22, 2023 16:55
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 22-x-y labels Mar 22, 2023
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Mar 22, 2023
@ppontes ppontes force-pushed the cherry-pick/22-x-y/chromium/8731bd8a30f6 branch from 24e4939 to 1be05d6 Compare March 22, 2023 16:58
@jkleinsc jkleinsc merged commit f2719ed into 22-x-y Mar 23, 2023
@jkleinsc jkleinsc deleted the cherry-pick/22-x-y/chromium/8731bd8a30f6 branch March 23, 2023 14:53
@release-clerk
Copy link

release-clerk bot commented Mar 23, 2023

Release Notes Persisted

Security: backported fix for 1416916.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkleinsc jkleinsc jkleinsc approved these changes

Assignees
No one assigned
Labels
22-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ppontes @jkleinsc