• fido/win: make WebAuthnApi own its arguments · afad373b
    Martin Kreichgauer authored
    In http://crrev.com/c/1354559, the thread waiting for the blocking
    Windows WebAuthn API calls to return was moved into the WinWebAuthnApi
    singleton. Unfortunately, this introduced a potential use-after-free, because
    arguments to the blocking API calls get passed via pointer and the owner of those
    arguments, WinHelloApiAuthenticator, wasn't generally guaranteed to outlive the
    duration of the request.
    
    This change fixes the issue by moving all data passed to the Windows API calls
    into WinWebAuthnApi by value.
    
    Bug: 898718
    Change-Id: Ib4f2e86f4ef04cbac712682d4cff386709e735eb
    Reviewed-on: https://chromium-review.googlesource.com/c/1356334
    Commit-Queue: Martin Kreichgauer <martinkr@chromium.org>
    Reviewed-by: Adam Langley <agl@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#612753}
webauthn_api.cc 13.1 KB
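
The ownership pattern the commit message describes, as an added example that is not Chromium's code: a wrapper that takes request arguments by value keeps them alive even if the original owner is destroyed before the call is made. All names here (`RequestArgs`, `ApiWrapper`, `Authenticator`, `BlockingPlatformCall`) are hypothetical, and a deferred task stands in for the wrapper's waiting thread so the result is deterministic.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the arguments of a blocking platform call.
struct RequestArgs {
  std::string rp_id;
  std::vector<unsigned char> challenge;
};

// Hypothetical stand-in for the OS API, which receives its input by pointer.
std::string BlockingPlatformCall(const RequestArgs* args) {
  return args->rp_id + ":" + std::to_string(args->challenge.size());
}

// Hypothetical API wrapper. RunPending() models the wrapper's own thread
// reaching the blocking call at some later time.
class ApiWrapper {
 public:
  // Unsafe shape: Call(const RequestArgs* args) would store a pointer into
  // the caller, which dangles if the caller is destroyed before RunPending().
  // Safe shape: take the arguments by value and move them into the task.
  void Call(RequestArgs args) {
    pending_ = [owned = std::move(args)] { return BlockingPlatformCall(&owned); };
  }
  std::string RunPending() { return pending_(); }

 private:
  std::function<std::string()> pending_;
};

// Hypothetical request owner that may be destroyed before the call returns.
class Authenticator {
 public:
  explicit Authenticator(RequestArgs args) : args_(std::move(args)) {}
  void Start(ApiWrapper& api) { api.Call(std::move(args_)); }

 private:
  RequestArgs args_;
};

// Destroys the owner before the wrapper makes the call; inputs are constructed.
std::string CallAfterOwnerDestroyed() {
  ApiWrapper api;
  {
    auto auth = std::make_unique<Authenticator>(
        RequestArgs{"example.test", {0x01, 0x02, 0x03}});
    auth->Start(api);
  }  // Owner is gone here; the pending task still owns its arguments.
  return api.RunPending();
}
```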