mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

fix: avoid contextBridge double free on garbage collection (#21592)

Browse source 
* fix: reset next/prev pointers for life-monitored nodes

* fix: don't double-delete nodes in a linked list
This commit is contained in:
loc 2020-01-10 15:59:50 -08:00 committed by Samuel Attard
parent 2858471151
commit 301bd8aec0
1 changed files with 3 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
shell/renderer/api/context_bridge/render_frame_context_bridge_store.cc
View file

@ -47,9 +47,11 @@ class CachedProxyLifeMonitor final : public ObjectLifeMonitor {
} }
if (node_->prev) { if (node_->prev) {
node_->prev->next = node_->next; node_->prev->next = node_->next;
node_->prev = nullptr;
} }
if (node_->next) { if (node_->next) {
node_->next->prev = node_->prev; node_->next->prev = node_->prev;
node_->next = nullptr;
} }
if (!node_->prev && !node_->next) { if (!node_->prev && !node_->next) {
// Must be a single length linked list // Must be a single length linked list
@ -76,11 +78,7 @@ WeakGlobalPairNode::WeakGlobalPairNode(WeakGlobalPair pair) {
this->pair = std::move(pair); this->pair = std::move(pair);
} }
WeakGlobalPairNode::~WeakGlobalPairNode() { WeakGlobalPairNode::~WeakGlobalPairNode() {}
if (next) {
delete next;
}
}
RenderFramePersistenceStore::RenderFramePersistenceStore( RenderFramePersistenceStore::RenderFramePersistenceStore(
content::RenderFrame* render_frame) content::RenderFrame* render_frame)