8000 chore: cherry-pick 22f27676515e from chromium by nornagon · Pull Request #32743 · electron/electron · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

chore: cherry-pick 22f27676515e from chromium #32743

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Feb 17, 2022
Merged

chore: cherry-pick 22f27676515e from chromium #32743

merged 6 commits into from
Feb 17, 2022

Conversation

nornagon
Copy link
Contributor
@nornagon nornagon commented Feb 3, 2022

WebContentsVideoCaptureDevice: Fix use-after-free

The classes WebContentsVideoCaptureDevice,
AuraWindowVideoCaptureDevice::WindowTracker, and
ViewsWidgetVideoCaptureDeviceMac::UIThreadDelegate all keep a raw
pointer that they use to access the MouseCursorOverlayController.

This raw pointer comes from the base class FrameSinkVideoCaptureDevice
and should outlive the class that has a raw pointer. On macOS, this
isn't necessarily the case.

Avoid this sharp edge by using a WeakPtr for the
MouseCursorOverlayController, and checking that it is valid before
using it.

Bug: 1252562, 1179098
Change-Id: I1d74bea1255597662aab3f9f2430c49d2e39836a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3260842
Commit-Queue: ccameron ccameron@chromium.org
Reviewed-by: mark a. foltz mfoltz@chromium.org
Cr-Commit-Position: refs/heads/main@{#939604}

Notes: Security: backported fix for 1252562, 1179098.

@nornagon nornagon requested a review from a team as a code owner February 3, 2022 18:53
@nornagon nornagon added 14-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes labels Feb 3, 2022
@electron-cation electron-cation bot added new-pr 🌱 PR opened recently and removed new-pr 🌱 PR opened recently labels Feb 3, 2022
@nornagon nornagon changed the title chore: cherry-pick 22f27676515e from chromium chore: cherry-pick 22f27676515e from chromium Feb 15, 2022
@nornagon nornagon changed the title chore: cherry-pick 22f27676515e from chromium chore: cherry-pick 22f27676515e from chromium Feb 15, 2022
@nornagon nornagon merged commit dc3a2ff into 14-x-y Feb 17, 2022
@nornagon nornagon deleted the cherry-pick/14-x-y/chromium/22f27676515e branch February 17, 2022 22:42
@release-clerk
Copy link
release-clerk bot commented Feb 17, 2022

Release Notes Persisted

Security: backported fix for 1252562, 1179098.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zcbenz zcbenz zcbenz approved these changes

@VerteDinde VerteDinde VerteDinde approved these changes

Assignees
No one assigned
Labels
14-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nornagon @zcbenz @VerteDinde @electron-bot
0