Home Explore 引导页 在线工具 Blog
Register Sign In
Pchen0
/
electron
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

fix: crash when invoking login callback synchronously (#30068) (#30091)

Jeremy Rose 3 years ago
parent
cb614d15aa
commit
945ecdd709
1 changed files with 5 additions and 1 deletions
Split View Show Diff Stats
  1. 5 1
      shell/browser/login_handler.cc

+ 5 - 1
shell/browser/login_handler.cc
View File 

@@ -69,11 +69,15 @@ void LoginHandler::EmitEvent(
 
   details.Set("firstAuthAttempt", first_auth_attempt);
 
   details.Set("responseHeaders", response_headers.get());
 
 
+  auto weak_this = weak_factory_.GetWeakPtr();
 
   bool default_prevented =
 
       api_web_contents->Emit("login", std::move(details), auth_info,
 
                              base::BindOnce(&LoginHandler::CallbackFromJS,
 
                                             weak_factory_.GetWeakPtr()));
 
-  if (!default_prevented && auth_required_callback_) {
 
+  // ⚠️ NB, if CallbackFromJS is called during Emit(), |this| will have been
 
+  // deleted. Check the weak ptr before accessing any member variables to
 
+  // prevent UAF.
 
+  if (weak_this && !default_prevented && auth_required_callback_) {
 
     std::move(auth_required_callback_).Run(base::nullopt);
 
   }
 
 }