chromium_src.git - central chromium sources

diff options

author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-06-05 21:04:02 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-06-05 21:04:02 +0000
commit	027f2fb27b6c2840feb15a3ee8964473075122bb (patch)
tree	205e514cd633095f252762a44e5bb100eeb362ed /chrome/browser/views/frame
parent	5093d683a15b9a754e833e0564185ae21edcb510 (diff)
download	chromium_src-027f2fb27b6c2840feb15a3ee8964473075122bb.zip chromium_src-027f2fb27b6c2840feb15a3ee8964473075122bb.tar.gz chromium_src-027f2fb27b6c2840feb15a3ee8964473075122bb.tar.bz2

Linux: Dumping a renderer can traverse an invalid pointer.

A ucontext isn't a POD datatype, so we can end up sending it to the browser and then walking an embedded pointer which is only valid in the renderer context. This fix sends the floating point registers (which were at the other end of said pointer) in the context and stops using the pointer in the ucontext. BUG=13465 http://codereview.chromium.org/119249 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17771 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'chrome/browser/views/frame')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: