chromium_src.git - central chromium sources

diff options

author	mkosiba@chromium.org <mkosiba@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-11-08 18:07:31 +0000
committer	mkosiba@chromium.org <mkosiba@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-11-08 18:07:31 +0000
commit	174bdd0817c4060a87582d7fa835d7b511173627 (patch)
tree	3e1e25fa36f39ab90be578e04409c88174b97576 /sync/engine
parent	12594b927d6e80f4b13bdbe1e1cdab360e02cdec (diff)
download	chromium_src-174bdd0817c4060a87582d7fa835d7b511173627.zip chromium_src-174bdd0817c4060a87582d7fa835d7b511173627.tar.gz chromium_src-174bdd0817c4060a87582d7fa835d7b511173627.tar.bz2

[android_webview] Fix UAF in request interception code.

It was possible for any of the tasks posted by the AndroidStreamReaderURLRequestJob to access the InterceptedRequestData after the URLRequest owning that data structure was deleted The fix is to make the newly created job's Delgate own the InterceptedRequestData since the AndroidStreamReaderURLRequestJob takes care to not delete the Delegate before all async tasks have finished. BUG=internal b/11520856 TEST=AndroidWebViewTest Android-only CL, trybots happy. NOTRY=true Review URL: https://codereview.chromium.org/61653004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@233937 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'sync/engine')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: