author | Dan Elphick <delphick@chromium.org> | 2020-02-05 10:31:02 +0000 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2020-04-22 18:13:14 +0000 |
commit | 0f16d8d83e47effe3b5d38a4136f9353647dda35 (patch) | |
tree | 69d70bc27fb07f4bfe5dea24d065c86d63770aba | |
parent | 39d2873778c5bcc237843216180b3a52ceb5b1f4 (diff) | |
download | qtwebengine-chromium-0f16d8d83e47effe3b5d38a4136f9353647dda35.tar.gz |
[Backport] CVE-2020-6434

Fix deref of raw pointer after potential GC

Fixes the one case after calling EnsureSourcePositionsCollected that we
were still using the non-handle version of the SharedFunctionInfo.

Bug: chromium:1048555
Change-Id: I6baca7d9a75bff1924a72df914b0cd3bfa15542b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

-rw-r--r-- | chromium/v8/src/snapshot/code-serializer.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/v8/src/snapshot/code-serializer.cc b/chromium/v8/src/snapshot/code-serializer.cc index 7e12c82b895..37aec334573 100644 --- a/chromium/v8/src/snapshot/code-serializer.cc +++ b/chromium/v8/src/snapshot/code-serializer.cc @@ -345,7 +345,7 @@ MaybeHandle<SharedFunctionInfo> CodeSerializer::Deserialize( int column_num = script->GetColumnNumber(shared_info->StartPosition()) + 1; PROFILE(isolate, CodeCreateEvent(CodeEventListener::SCRIPT_TAG, - info.abstract_code(), *shared_info, + shared_info->abstract_code(), *shared_info, *name, line_num, column_num)); } } |
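
Review bot: at the CodeCreateEvent call inside PROFILE, replacing info.abstract_code() with shared_info->abstract_code() fixes this one read, but nothing in the patch prevents the raw `info` from being read again after EnsureSourcePositionsCollected. If that local is still in scope at this point, consider ending its scope before the call that can trigger GC, so that every later access has to go through the `shared_info` handle the way the neighbouring shared_info->StartPosition() and *shared_info already do. The change also touches only code-serializer.cc, so no regression test accompanies it; a test that drives Deserialize through this PROFILE branch would keep the raw-pointer use from coming back.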