diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-02-01 15:56:16 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-03-29 10:19:55 +0000 |
commit | a5f2293e6c2b5218875806626bee683e0501c179 (patch) | |
tree | 2e16c6cb89e72f77bc97749c2ebb141a9bda8ee8 /chromium/third_party/pdfium/third_party/lcms2-2.6/include/lcms2.h | |
parent | a66d35344003ee19ac70181b7a2233fd387f9da3 (diff) |
[Backport] Fix for CVE-2019-5758
Fix UAP in ImageBitmapLoader/FileReaderLoader
FileReaderLoader stores its client as a raw pointer, so in cases like
ImageBitmapLoader where the FileReaderLoaderClient really is garbage
collected we have to make sure to destroy the FileReaderLoader when
the ExecutionContext that owns it is destroyed.
TBR=mek@chromium.org
(cherry picked from commit 419c4bfbfb94849ed30dcab7c3aaf67afe238b27)
Bug: 913970
Change-Id: I40b02115367cf7bf5bbbbb8e9b57874d2510f861
Reviewed-on: https://chromium-review.googlesource.com/c/1374511
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#616342}
Reviewed-on: https://chromium-review.googlesource.com/c/1379106
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Cr-Commit-Position: refs/branch-heads/3626@{#368}
Cr-Branched-From: d897fb137fbaaa9355c0c93124cc048824eb1e65-refs/heads/master@{#612437}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/third_party/pdfium/third_party/lcms2-2.6/include/lcms2.h')
0 files changed, 0 insertions, 0 deletions