From 1bfd7557938e0a41422b2af4409353286f4cdf11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Br=C3=BCning?= Date: Fri, 16 Apr 2021 11:09:34 +0200 Subject: Update Chromium and adapt PermissionManagerQt Submodule src/3rdparty 6764c29f..c38ae3ec: > [Backport] Security bug 1190525 > [Backport] Security bug 1161759 > [Backport] Security bug 1175503 > [Backport] Security bugs 1175522 and 1181276 > [Backport] CVE-2021-21219: Uninitialized Use in PDFium > [Backport] CVE-2021-21217 and CVE-2021-21218: Uninitialized Use in PDFium > [Backport] CVE-2021-21214: Use after free in Network API > [Backport] CVE-2021-21213: Use after free in WebMIDI > [Backport] CVE-2021-21207: Use after free in IndexedDB > [Backport] CVE-2021-21221: Insufficient validation of untrusted input in Mojo > [Backport] CVE-2021-21204: Use after free in Blink. > [Backport] CVE-2021-21203: Use after free in Blink > [Backport] CVE-2021-21202: Use after free in extensions. > [Backport] CVE-2021-21201: Use after free in permissions Task-number: QTBUG-92895 Change-Id: I7e6f3d443366bb291cab027510f76788c14fc023 Reviewed-by: Allan Sandfeld Jensen --- src/3rdparty | 2 +- src/core/permission_manager_qt.cpp | 7 +++---- src/core/permission_manager_qt.h | 8 ++++---- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/3rdparty b/src/3rdparty index 6764c29f7..c38ae3ec4 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit 6764c29f7c5aaf9ecbe6532f9e2b845604c926a5 +Subproject commit c38ae3ec48030dea4f83cda3a83d8377f772de94 diff --git a/src/core/permission_manager_qt.cpp b/src/core/permission_manager_qt.cpp index 885a40c15..40090f8ec 100644 --- a/src/core/permission_manager_qt.cpp +++ b/src/core/permission_manager_qt.cpp @@ -122,7 +122,6 @@ static blink::mojom::PermissionStatus toBlink(ProfileAdapter::PermissionState re PermissionManagerQt::PermissionManagerQt() : m_requestIdCount(0) - , m_subscriberIdCount(0) { } @@ -339,19 +338,19 @@ void PermissionManagerQt::ResetPermission( m_permissions.remove(key); } -int PermissionManagerQt::SubscribePermissionStatusChange( +content::PermissionControllerDelegate::SubscriptionId PermissionManagerQt::SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost * /* render_frame_host */, const GURL& requesting_origin, base::RepeatingCallback callback) { - int subscriber_id = ++m_subscriberIdCount; + auto subscriber_id = subscription_id_generator_.GenerateNextId(); m_subscribers.insert( { subscriber_id, Subscription { toQt(permission), toQt(requesting_origin), std::move(callback) } }); return subscriber_id; } -void PermissionManagerQt::UnsubscribePermissionStatusChange(int subscription_id) +void PermissionManagerQt::UnsubscribePermissionStatusChange(content::PermissionControllerDelegate::SubscriptionId subscription_id) { if (!m_subscribers.erase(subscription_id)) LOG(WARNING) << "PermissionManagerQt::UnsubscribePermissionStatusChange called on unknown subscription id" << subscription_id; diff --git a/src/core/permission_manager_qt.h b/src/core/permission_manager_qt.h index e046174df..f8d7e0ee3 100644 --- a/src/core/permission_manager_qt.h +++ b/src/core/permission_manager_qt.h @@ -89,13 +89,13 @@ public: base::OnceCallback&)> callback) override; - int SubscribePermissionStatusChange( + content::PermissionControllerDelegate::SubscriptionId SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin, const base::RepeatingCallback callback) override; - void UnsubscribePermissionStatusChange(int subscription_id) override; + void UnsubscribePermissionStatusChange(content::PermissionControllerDelegate::SubscriptionId subscription_id) override; private: QHash, bool> m_permissions; @@ -118,9 +118,9 @@ private: }; std::vector m_requests; std::vector m_multiRequests; - std::map m_subscribers; + std::map m_subscribers; + content::PermissionControllerDelegate::SubscriptionId::Generator subscription_id_generator_; int m_requestIdCount; - int m_subscriberIdCount; }; -- cgit v1.2.3