Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 9d100199c92b from chromium #25229

Merged
merged 4 commits into from
Sep 2, 2020
Merged

chore: cherry-pick 9d100199c92b from chromium #25229

merged 4 commits into from
Sep 2, 2020

Conversation

nornagon
Copy link
Member

Fix UAF in ScriptPromiseProperty caused by reentrant code

v8::Promise::Resolve can run user code synchronously, which caused a UAF
in ScriptPromiseProperty. Fix it.

Bug: 1108518
Change-Id: Ia9baec6eef0887323cd88ceb1d3fa0c14fdb77ef
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2325499
Reviewed-by: Yuki Shiino yukishiino@chromium.org
Commit-Queue: Yutaka Hirano yhirano@chromium.org
Cr-Commit-Position: refs/heads/master@{#792661}
(cherry picked from commit 6d18e924b9c426905434cc280d7b602b3a3379ed)

TBR=yhirano@chromium.org

Change-Id: I3b7bfd5e8d932fb59c292159a4526cf70b44c58b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2342489
Commit-Queue: Yutaka Hirano yhirano@chromium.org
Reviewed-by: Yutaka Hirano yhirano@chromium.org
Cr-Commit-Position: refs/branch-heads/4147@{#1049}
Cr-Branched-From: 16307825352720ae04d898f37efa5449ad68b606-refs/heads/master@{#768962}

Notes: Security: backported fix for 1108518.

@nornagon nornagon requested a review from a team as a code owner August 31, 2020 19:33
@nornagon nornagon added 9-x-y backport-check-skip Skip trop's backport validity checking labels Aug 31, 2020
@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Aug 31, 2020
@electron-cation electron-cation bot removed the new-pr 🌱 PR opened in the last 24 hours label Sep 1, 2020
@nornagon nornagon merged commit f8af08c into 9-x-y Sep 2, 2020
@release-clerk
Copy link

release-clerk bot commented Sep 2, 2020

Release Notes Persisted

Security: backported fix for 1108518.

@nornagon nornagon deleted the cherry-pick/9-x-y/chromium/9d100199c92b branch September 2, 2020 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deepak1556 deepak1556 deepak1556 approved these changes

Assignees
No one assigned
Labels
9-x-y backport-check-skip Skip trop's backport validity checking
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@nornagon @deepak1556