Fix potential use-after-free in CSSFontFaceSource

This fixes a bug introduced by crrev.com/c/824172. Bug: 778352 Change-Id: Id1dbc552ed5a94a0b5fadddec0b5bea50c3a7597 Reviewed-on: https://chromium-review.googlesource.com/826662Reviewed-by: Koji Ishii <kojii@chromium.org> Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#524007}

Fix potential use-after-free in CSSFontFaceSource
This fixes a bug introduced by crrev.com/c/824172. Bug: 778352 Change-Id: Id1dbc552ed5a94a0b5fadddec0b5bea50c3a7597 Reviewed-on: https://chromium-review.googlesource.com/826662Reviewed-by: Koji Ishii <kojii@chromium.org> Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#524007}
9faa2ca7 · Kunihiko Sakamoto · Commit Bot · 26a26a55 · 9faa2ca7
Commit 9faa2ca7 authored Dec 14, 2017 by Kunihiko Sakamoto Committed by Commit Bot Dec 14, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

third_party/WebKit/Source/core/css/CSSFontFaceSource.cpp third_party/WebKit/Source/core/css/CSSFontFaceSource.cpp +1 -1

No files found.
--- a/third_party/WebKit/Source/core/css/CSSFontFaceSource.cpp
+++ b/third_party/WebKit/Source/core/css/CSSFontFaceSource.cpp
@@ -78,8 +78,8 @@ void CSSFontFaceSource::PruneOldestIfNeeded() {
  if (font_cache_key_age.size() > kMaxCachedFontData) {
    DCHECK_EQ(font_cache_key_age.size() - 1, kMaxCachedFontData);
    FontCacheKey& key = font_cache_key_age.back();
-    font_cache_key_age.pop_back();
    auto font_data_entry = font_data_table_.Take(key);
+    font_cache_key_age.pop_back();
    DCHECK_EQ(font_cache_key_age.size(), kMaxCachedFontData);
    if (font_data_entry && font_data_entry->GetCustomFontData())
      font_data_entry->GetCustomFontData()->ClearFontFaceSource();