Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 5ff02e4d7368 from chromium #34019

Merged
merged 3 commits into from May 4, 2022
Merged

chore: cherry-pick 5ff02e4d7368 from chromium #34019

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8fbb06b
chore: cherry-pick 5ff02e4d7368 from chromium
ppontes May 2, 2022
61aa047
chore: update patches
patchup[bot] May 2, 2022
ed958bb
Merge branch '15-x-y' into cherry-pick/15-x-y/chromium/5ff02e4d7368
electron-bot May 3, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions patches/chromium/.patches
View file
Open in desktop
Expand Up @@ -175,4 +175,5 @@ skia_renderer_-_don_t_explicitly_clip_scissor_for_large_transforms.patch
skia_renderer_use_rectf_intersect_in_applyscissor.patch
cherry-pick-1a31e2110440.patch
m100_change_ownership_of_blobbytesprovider.patch
cherry-pick-5ff02e4d7368.patch
cherry-pick-12ba78f3fa7a.patch
40 changes: 40 additions & 0 deletions patches/chromium/cherry-pick-5ff02e4d7368.patch
View file
Open in desktop
@@ -0,0 +1,40 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: UwU UwU <uwu7586@gmail.com>
Date: Tue, 19 Apr 2022 15:10:38 +0000
Subject: NavigatorManagedData: Prevent iterator invalidation during Promise
resolution

(cherry picked from commit 6083135252280d9b43e26169eb35154a9ac861ea)

Bug: 1307223
Change-Id: Iead6cf8c6236a95dbdfe7877c912f6ba86b370ac
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3532439
Commit-Queue: Anqing Zhao <anqing@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#984230}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3577263
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Owners-Override: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Cr-Commit-Position: refs/branch-heads/4664@{#1591}
Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512}

diff --git a/third_party/blink/renderer/modules/managed_device/navigator_managed_data.cc b/third_party/blink/renderer/modules/managed_device/navigator_managed_data.cc
index 2df64ff2c51dfe080cd50b46199e9c1d77ea26db..32b48ca0157a52d322aa4e00d18d4e662d3b1c4a 100644
--- a/third_party/blink/renderer/modules/managed_device/navigator_managed_data.cc
+++ b/third_party/blink/renderer/modules/managed_device/navigator_managed_data.cc
@@ -108,8 +108,14 @@ void NavigatorManagedData::OnServiceConnectionError() {
!managed_configuration_service_.is_connected()) {
managed_configuration_service_.reset();
}
+
+ // Move the set to a local variable to prevent script execution in Reject()
+ // from invalidating the iterator used by the loop.
+ HeapHashSet<Member<ScriptPromiseResolver>> pending_promises;
+ pending_promises_.swap(pending_promises);
+
// Resolve all pending promises with a failure.
- for (ScriptPromiseResolver* resolver : pending_promises_) {
+ for (ScriptPromiseResolver* resolver : pending_promises) {
resolver->Reject(
MakeGarbageCollected<DOMException>(DOMExceptionCode::kNotAllowedError,
kNotHighTrustedAppExceptionMessage));