    [IndexedDB] Fix request reentry in IndexedDBDatabase · 8ae1a64b
    Daniel Murphy authored
    During ForceClose, a closing connection could cause the active request
    to 'complete', triggering the rest of the requests to execute. Since
    the connections are cleared after-the-fact in ForceClose(), this caused
    a UAF.
    
    Instead of having specialized weakptr factories here, this change creates
    a |force_closing_| variable which is set in ForceClose(), which is used
    to ensure reentry doesn't occur.
    
    R: pwnall@chromium.org
    Bug: 966557
    Change-Id: Iaaf678853431c35299dc9289b505fdf66c19a88e
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1627707
    Commit-Queue: Daniel Murphy <dmurph@chromium.org>
    Reviewed-by: Victor Costan <pwnall@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#662926}
indexed_db_database.cc 80.8 KB
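The reentry hazard the commit message describes, reduced to a runnable toy model. This is an added example and not Chromium's IndexedDBDatabase code: `ToyDatabase`, `ToyConnection`, `OnConnectionClosed`, `RequestComplete` and the `use_guard` switch are all assumptions made for illustration. A connection closed from inside `ForceClose()` reports the active request as complete, which starts the next queued request while the connection list is still being torn down; the `force_closing_` flag stops that. To stay memory-safe the model counts how many requests started during `ForceClose()` instead of dereferencing the freed connections, which is where the real bug became a use-after-free.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

class ToyDatabase;

// One client connection. Closing it notifies the owning database
// (assumed behaviour for this toy; names are not Chromium's).
class ToyConnection {
 public:
  explicit ToyConnection(ToyDatabase* db) : db_(db) {}
  void Close();
 private:
  ToyDatabase* db_;
};

// Minimal stand-in for a database with a serialized request queue.
class ToyDatabase {
 public:
  using Request = std::function<void(ToyDatabase&)>;

  explicit ToyDatabase(bool use_guard) : use_guard_(use_guard) {}

  ToyConnection* AddConnection() {
    connections_.push_back(std::make_unique<ToyConnection>(this));
    return connections_.back().get();
  }

  // Requests run one at a time; a new one starts only when none is active.
  void AddRequest(Request r) {
    pending_.push_back(std::move(r));
    if (!active_) ProcessRequestQueue();
  }

  // A closing connection completes whatever request is currently active.
  void OnConnectionClosed(ToyConnection*) {
    if (active_) RequestComplete();
  }

  void RequestComplete() {
    active_ = false;
    // The fix: while ForceClose() is tearing connections down, do not start
    // the next request, which would otherwise run against connections that
    // are about to be destroyed.
    if (use_guard_ && force_closing_) return;
    ProcessRequestQueue();
  }

  void ForceClose() {
    force_closing_ = true;
    for (auto& c : connections_) c->Close();  // may re-enter RequestComplete()
    connections_.clear();
    pending_.clear();  // queued work is abandoned with the connections (assumption)
    active_ = false;
    force_closing_ = false;
  }

  size_t open_connections() const { return connections_.size(); }
  int requests_started_during_force_close() const { return started_during_force_close_; }

 private:
  void ProcessRequestQueue() {
    while (!active_ && !pending_.empty()) {
      Request r = std::move(pending_.front());
      pending_.pop_front();
      active_ = true;
      if (force_closing_) ++started_during_force_close_;  // the reentry we want to catch
      r(*this);
    }
  }

  bool use_guard_;
  bool force_closing_ = false;
  bool active_ = false;
  int started_during_force_close_ = 0;
  std::vector<std::unique_ptr<ToyConnection>> connections_;
  std::deque<Request> pending_;
};

void ToyConnection::Close() { db_->OnConnectionClosed(this); }

// Drives the scenario from the commit message: one active request whose
// completion is triggered by a connection closing inside ForceClose(), with a
// second request queued behind it. Returns how many requests started during
// ForceClose(): 1 without the guard, 0 with it.
int RunForceCloseScenario(bool use_guard) {
  ToyDatabase db(use_guard);
  db.AddConnection();
  db.AddConnection();
  db.AddRequest([](ToyDatabase&) {});  // becomes active and waits for completion
  db.AddRequest([](ToyDatabase& d) { (void)d.open_connections(); });  // queued
  db.ForceClose();
  return db.requests_started_during_force_close();
}
```

`RunForceCloseScenario(false)` reproduces the ordering the commit describes (the queued request starts mid-teardown), and `RunForceCloseScenario(true)` shows the flag suppressing it; the guard is a single boolean rather than per-request weak pointers, matching the approach the message chooses.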