UAF in GetBackdropWallpaperSuffix |
||
Issue descriptionFiled by sheriff-o-matic@appspot.gserviceaccount.com on behalf of grt@chromium.org viz_browser_tests failing on chromium.memory/Linux Chromium OS ASan LSan Tests (1) Builders failed on: - Linux Chromium OS ASan LSan Tests (1): https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Linux%20Chromium%20OS%20ASan%20LSan%20Tests%20%281%29
,
Jun 26 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8bd00706791d7ca41a1109f981feb6db9b377a37 commit 8bd00706791d7ca41a1109f981feb6db9b377a37 Author: Greg Thompson <grt@chromium.org> Date: Tue Jun 26 12:07:14 2018 Fix use-after-free in GetBackdropWallpaperSuffix. Screen::GetPrimaryDisplay() returns a Display instance, so holding a reference to its size after it is destroyed is crashtastic. BUG= 856584 TBR=wzang@chromium.org Change-Id: I6f6fcbbd8a2f2a8a2ce0257ccb9bd69402d38136 Reviewed-on: https://chromium-review.googlesource.com/1114741 Reviewed-by: Greg Thompson <grt@chromium.org> Commit-Queue: Greg Thompson <grt@chromium.org> Cr-Commit-Position: refs/heads/master@{#570378} [modify] https://crrev.com/8bd00706791d7ca41a1109f981feb6db9b377a37/chrome/browser/chromeos/extensions/wallpaper_private_api.cc
,
Jun 26 2018
,
Jun 26 2018
Thanks for fixing this. |
||
►
Sign in to add a comment |
||
Comment 1 by grt@chromium.org
, Jun 26 2018Labels: OS-Chrome
Owner: grt@chromium.org
Status: Started (was: Available)