[Backport] CVE-2020-6434

Fix deref of raw pointer after potential GC Fixes the one case after calling EnsureSourcePositionsCollected that we were still using the non-handle version of the SharedFunctionInfo. Bug: chromium:1048555 Change-Id: I6baca7d9a75bff1924a72df914b0cd3bfa15542b Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Dan Elphick <delphick@chromium.org> 2020-02-05 10:31:02 +0000
committer: Michal Klocek <michal.klocek@qt.io> 2020-04-22 18:13:14 +0000
commit: 0f16d8d83e47effe3b5d38a4136f9353647dda35 (patch)
tree: 69d70bc27fb07f4bfe5dea24d065c86d63770aba
parent: 39d2873778c5bcc237843216180b3a52ceb5b1f4 (diff)
download: qtwebengine-chromium-0f16d8d83e47effe3b5d38a4136f9353647dda35.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/v8/src/snapshot/code-serializer.cc b/chromium/v8/src/snapshot/code-serializer.cc
index 7e12c82b895..37aec334573 100644
--- a/chromium/v8/src/snapshot/code-serializer.cc
+++ b/chromium/v8/src/snapshot/code-serializer.cc
@@ -345,7 +345,7 @@ MaybeHandle<SharedFunctionInfo> CodeSerializer::Deserialize(
           int column_num =
               script->GetColumnNumber(shared_info->StartPosition()) + 1;
           PROFILE(isolate, CodeCreateEvent(CodeEventListener::SCRIPT_TAG,
-                                           info.abstract_code(), *shared_info,
+                                           shared_info->abstract_code(), *shared_info,
                                            *name, line_num, column_num));
         }
       }
author	Dan Elphick <delphick@chromium.org>	2020-02-05 10:31:02 +0000
committer	Michal Klocek <michal.klocek@qt.io>	2020-04-22 18:13:14 +0000
commit	0f16d8d83e47effe3b5d38a4136f9353647dda35 (patch)
tree	69d70bc27fb07f4bfe5dea24d065c86d63770aba
parent	39d2873778c5bcc237843216180b3a52ceb5b1f4 (diff)
download	qtwebengine-chromium-0f16d8d83e47effe3b5d38a4136f9353647dda35.tar.gz