From 0e94374ae00236ab94036e9aefb5a5abdf7d14e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCri=20Valdmann?=
Date: Thu, 1 Mar 2018 15:46:51 +0100
Subject: Avoid use-after-free of ProtocolHandlerRegistry

Change-Id: Ib84a80472a93f53f3675cb8c2db6fa377322b86b
Reviewed-by: Michal Klocek
---
 ..._protocol_handler_permission_controller_impl.cpp | 21 +++++++++++++++++----
 ...er_protocol_handler_permission_controller_impl.h | 8 +++++---
 src/core/web_contents_delegate_qt.cpp | 2 +-
 3 files changed, 23 insertions(+), 8 deletions(-)
(limited to 'src/core')
diff --git a/src/core/register_protocol_handler_permission_controller_impl.cpp b/src/core/register_protocol_handler_permission_controller_impl.cpp
index 96f2edb87..98d257e38 100644
--- a/src/core/register_protocol_handler_permission_controller_impl.cpp
+++ b/src/core/register_protocol_handler_permission_controller_impl.cpp
@@ -38,28 +38,41 @@
 ****************************************************************************/
 #include "register_protocol_handler_permission_controller_impl.h"
+#include "chrome/browser/custom_handlers/protocol_handler_registry_factory.h"
+#include "content/public/browser/web_contents.h"
 #include "type_conversion.h"
 namespace QtWebEngineCore {
 RegisterProtocolHandlerPermissionControllerImpl::RegisterProtocolHandlerPermissionControllerImpl(
- ProtocolHandlerRegistry *registry,
+ content::WebContents *webContents,
 ProtocolHandler handler)
 : RegisterProtocolHandlerPermissionController(
 toQt(handler.url()),
 toQt(handler.protocol()))
- , m_registry(registry)
+ , content::WebContentsObserver(webContents)
 , m_handler(handler)
 {}
+ProtocolHandlerRegistry *RegisterProtocolHandlerPermissionControllerImpl::protocolHandlerRegistry()
+{
+ content::WebContents *webContents = web_contents();
+ if (!webContents)
+ return nullptr;
+ content::BrowserContext *context = webContents->GetBrowserContext();
+ return ProtocolHandlerRegistryFactory::GetForBrowserContext(context);
+}
+
 void RegisterProtocolHandlerPermissionControllerImpl::accepted()
 {
- m_registry->OnAcceptRegisterProtocolHandler(m_handler);
+ if (ProtocolHandlerRegistry *registry = protocolHandlerRegistry())
+ registry->OnAcceptRegisterProtocolHandler(m_handler);
 }
 void RegisterProtocolHandlerPermissionControllerImpl::rejected()
 {
- m_registry->OnIgnoreRegisterProtocolHandler(m_handler);
+ if (ProtocolHandlerRegistry *registry = protocolHandlerRegistry())
+ registry->OnIgnoreRegisterProtocolHandler(m_handler);
 }
 } // namespace QtWebEngineCore
diff --git a/src/core/register_protocol_handler_permission_controller_impl.h b/src/core/register_protocol_handler_permission_controller_impl.h
index 57a094fd9..739b320c0 100644
--- a/src/core/register_protocol_handler_permission_controller_impl.h
+++ b/src/core/register_protocol_handler_permission_controller_impl.h
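Review bot: In `accepted()` and `rejected()` of the .cpp hunk, the user's decision is now dropped silently when `protocolHandlerRegistry()` returns null, and nothing in the hunk says that this is intended. A short comment on the helper would record the lifetime reasoning behind the fix, e.g. `// Looked up on every call: the controller is handed to the view client and may outlive the WebContents, so a cached registry pointer could dangle. Returns nullptr once the WebContents is gone.` A regression test that destroys the page while the permission request is still pending and then accepts it would keep the use-after-free from returning; none is visible in this path-limited view of the commit.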
@@ -44,15 +44,17 @@
 #include "chrome/browser/custom_handlers/protocol_handler_registry.h"
 #include "chrome/common/custom_handlers/protocol_handler.h"
+#include "content/public/browser/web_contents_observer.h"
 class ProtocolHandlerRegistry;
 namespace QtWebEngineCore {
-class RegisterProtocolHandlerPermissionControllerImpl final : public RegisterProtocolHandlerPermissionController {
+class RegisterProtocolHandlerPermissionControllerImpl final : public RegisterProtocolHandlerPermissionController,
+ private content::WebContentsObserver {
 public:
 RegisterProtocolHandlerPermissionControllerImpl(
- ProtocolHandlerRegistry *registry,
+ content::WebContents *webContents,
 ProtocolHandler handler);
 protected:
@@ -60,7 +62,7 @@ protected:
 void rejected() override;
 private:
- ProtocolHandlerRegistry *m_registry;
+ ProtocolHandlerRegistry *protocolHandlerRegistry();
 ProtocolHandler m_handler;
 };
diff --git a/src/core/web_contents_delegate_qt.cpp b/src/core/web_contents_delegate_qt.cpp
index bec4d5d2f..2cbb9e477 100644
--- a/src/core/web_contents_delegate_qt.cpp
+++ b/src/core/web_contents_delegate_qt.cpp
@@ -655,7 +655,7 @@ void WebContentsDelegateQt::RegisterProtocolHandler(content::WebContents *webCon
 return;
 QSharedPointer controller(
- new RegisterProtocolHandlerPermissionControllerImpl(registry, handler));
+ new RegisterProtocolHandlerPermissionControllerImpl(webContents, handler));
 m_viewClient->runRegisterProtocolHandlerPermissionRequest(std::move(controller));
 }
-- 
cgit v1.2.3
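Review bot: The class declaration in the first header hunk gains a private `content::WebContentsObserver` base, but no comment states the lifetime and threading contract that comes with it. The observer presumably detaches from the WebContents in its destructor, so the last `QSharedPointer` reference should be released on the thread that owns the WebContents; the patch does not show whether the view client guarantees that. I would add above the class: `// Observes the WebContents so that accepted()/rejected() become no-ops after it is destroyed. Must be created, used and destroyed on the WebContents' thread.`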
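Review bot: The private helper declared in the second header hunk, `protocolHandlerRegistry()`, can return null, but the declaration does not say so. It is also non-const, although its definition in the .cpp only reads state through `web_contents()`. Assuming `web_contents()` is a const accessor, I would declare it as `ProtocolHandlerRegistry *protocolHandlerRegistry() const; // nullptr once the WebContents is gone`, with the matching `const` on the definition. The class body starts outside this hunk.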