Fix UAP in blink::ManifestManager's mojo binding

This CL resets own mojo binding in the internal function of ManifestManager::ContextDestroyed because Blink's GC objects that own mojo bindings manually need to reset the bindings to prevent use after poison issue. Bug: 979621 Change-Id: I38c4c3b532111f9ff721ef75b98d9e33a3f96441 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1705580Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Ken Rockot <rockot@google.com> Commit-Queue: Miyoung Shin <myid.shin@igalia.com> Cr-Commit-Position: refs/heads/master@{#678512}

Fix UAP in blink::ManifestManager's mojo binding
This CL resets own mojo binding in the internal function of ManifestManager::ContextDestroyed because Blink's GC objects that own mojo bindings manually need to reset the bindings to prevent use after poison issue. Bug: 979621 Change-Id: I38c4c3b532111f9ff721ef75b98d9e33a3f96441 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1705580Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Ken Rockot <rockot@google.com> Commit-Queue: Miyoung Shin <myid.shin@igalia.com> Cr-Commit-Position: refs/heads/master@{#678512}
f4d74ffa · Miyoung Shin · Commit Bot · bf7ae43a · f4d74ffa
Commit f4d74ffa authored Jul 18, 2019 by Miyoung Shin Committed by Commit Bot Jul 18, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

third_party/blink/renderer/modules/manifest/manifest_manager.cc ...party/blink/renderer/modules/manifest/manifest_manager.cc +2 -0

No files found.
--- a/third_party/blink/renderer/modules/manifest/manifest_manager.cc
+++ b/third_party/blink/renderer/modules/manifest/manifest_manager.cc
@@ -267,6 +267,8 @@ void ManifestManager::Dispose() {
  // will be aware of the RenderFrame dying and should act on that. Consumers
  // in the renderer process should be correctly notified.
  ResolveCallbacks(ResolveStateFailure);
+  bindings_.CloseAllBindings();
 }
 void ManifestManager::Trace(blink::Visitor* visitor) {