
Issue 829394


Issue metadata

Status: Fixed
Owner:
Closed: Apr 2018
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug




UAF in RC render process probe

Project Member Reported by siggi@chromium.org, Apr 5 2018

Issue description

The render process probe posts content::RenderProcessHost pointers from UI to IO and back to UI thread. The access is going to be a UAF at that point.
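The hazard described above is a lifetime problem, not a threading one: the object is owned by the UI thread, so by the time a raw pointer has bounced through the IO thread and back, the host may already have been destroyed. The following is an added, self-contained illustration of the defensive pattern (post an identifier and re-validate it on the owning thread); it is not the Chromium code from the fix. `ProcessHost`, `Threads` and `HostMap` are hypothetical stand-ins that model the two threads as single-threaded task queues.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <unordered_map>

// Hypothetical stand-in for a browser-side host object owned by the UI thread.
struct ProcessHost {
  int id;
  int probe_count = 0;
};

// Two task queues standing in for the UI and IO threads (run alternately,
// single-threaded, so the interleaving is deterministic for the test).
struct Threads {
  std::queue<std::function<void()>> ui, io;
  void RunAll() {
    while (!ui.empty() || !io.empty()) {
      if (!io.empty()) { auto t = std::move(io.front()); io.pop(); t(); }
      if (!ui.empty()) { auto t = std::move(ui.front()); ui.pop(); t(); }
    }
  }
};

// Hosts live in a UI-thread-owned map keyed by id. Looking an id up is the only
// way to get a pointer back, so a host destroyed mid-flight simply yields "absent".
using HostMap = std::unordered_map<int, std::unique_ptr<ProcessHost>>;

// Probe every host via a UI -> IO -> UI round trip while the host `doomed_id`
// is destroyed on the UI thread before the results come back.
// Returns how many hosts were actually probed (the doomed one must be skipped).
int ProbeById(HostMap& hosts, Threads& th, int doomed_id) {
  int probed = 0;
  for (auto& kv : hosts) {
    int host_id = kv.first;  // post the id, never the raw pointer
    th.io.push([&, host_id] {
      // ... IO-thread work (e.g. collecting process metrics) would go here ...
      th.ui.push([&, host_id] {
        auto it = hosts.find(host_id);  // re-validate on the owning thread
        if (it == hosts.end()) return;  // host died during the round trip
        it->second->probe_count++;
        probed++;
      });
    });
  }
  th.ui.push([&] { hosts.erase(doomed_id); });  // UI destroys a host midway
  th.RunAll();
  return probed;
}
```

Had the tasks captured `ProcessHost*` instead of `host_id`, the final UI task would dereference freed memory whenever `hosts.erase` ran first, which is exactly the ordering the report describes.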
Project Member Comment 1 by bugdroid1@chromium.org, Apr 9 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a0e4387e0e814e33da035542b63c103d0b23f5ac

commit a0e4387e0e814e33da035542b63c103d0b23f5ac
Author: Sigurdur Asgeirsson <siggi@chromium.org>
Date: Mon Apr 09 18:41:29 2018

Fix a UAF in render process probe.

Bug: 829394
Change-Id: I40384bdd8adf9d11f8647c3c5d2dc4c8775525b4
Reviewed-on: https://chromium-review.googlesource.com/998012
Commit-Queue: Sigurður Ásgeirsson <siggi@chromium.org>
Reviewed-by: François Doray <fdoray@chromium.org>
Reviewed-by: Chris Hamilton <chrisha@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549231}
[modify] https://crrev.com/a0e4387e0e814e33da035542b63c103d0b23f5ac/chrome/browser/resource_coordinator/resource_coordinator_render_process_probe.cc
[modify] https://crrev.com/a0e4387e0e814e33da035542b63c103d0b23f5ac/chrome/browser/resource_coordinator/resource_coordinator_render_process_probe.h

Comment 2 by siggi@chromium.org, Apr 9 2018

Status: Fixed (was: Started)
