Commit 4e3a92e8 authored by Alexey Seren, committed by Commit Bot

Fix buffer overflow in ContentPasswordManagerDriverFactory

There is a heap buffer overflow in ContentPasswordManagerDriverFactory::DidFinishNavigation.
This bug is a consequence of a race between the RenderFrameDeleted and DidFinishNavigation methods
of the ContentPasswordManagerDriverFactory class and occurs during execution of the following test:
browser_tests.MimeHandlerViewCrossProcessTest.NavigationRaceFromEmbedder/1

Change-Id: Ifefb065c4ce2f0603c143ce777982e3fad60bcc2
Reviewed-on: https://chromium-review.googlesource.com/c/1493052
Commit-Queue: Vadym Doroshenko <dvadym@chromium.org>
Reviewed-by: Vadym Doroshenko <dvadym@chromium.org>
Cr-Commit-Position: refs/heads/master@{#636396}
parent b6043a9e
......@@ -104,8 +104,8 @@ void ContentPasswordManagerDriverFactory::DidFinishNavigation(
if (!navigation_handle->HasCommitted())
return;
frame_driver_map_.find(navigation_handle->GetRenderFrameHost())
->second->DidNavigateFrame(navigation_handle);
if (auto* driver = GetDriverForFrame(navigation_handle->GetRenderFrameHost()))
driver->DidNavigateFrame(navigation_handle);
}
void ContentPasswordManagerDriverFactory::RequestSendLoggingAvailability() {
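Review bot: The new `if (auto* driver = GetDriverForFrame(...))` guard in DidFinishNavigation silently skips the call when no driver is found, and nothing in the code says why a committed navigation can arrive for a frame that is no longer in `frame_driver_map_`. Add a one-line comment naming the RenderFrameDeleted/DidFinishNavigation race from the commit message, so the check is not later collapsed back into an unchecked `frame_driver_map_.find(...)->second`. The fix also relies on GetDriverForFrame returning nullptr for an unknown RenderFrameHost; that function is not part of this hunk, so please confirm it compares the `find()` result against `end()` and does not insert a new entry.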