From 92bb62539606a47f0370f0558a267fd9bc7e4e0c Mon Sep 17 00:00:00 2001 From: Xinghui Lu Date: Thu, 24 Feb 2022 21:23:26 +0000 Subject: [Backport] Security bug 1296334 Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3483595: Replace RawPtr with WeakPtr when posting task to cache_manager When RealTimeUrlLookupServiceBase post a task to cache a verdict, it uses base::Unretained. This is not safe because when the task is run, the cache manager may no longer be valid. Replace base::Unretained with WeakPtr() to avoid this issue. Bug: 1296334 Change-Id: If4e70951b949d349ab35aa52410f044595ababb6 Reviewed-by: Daniel Rubery Commit-Queue: Xinghui Lu Cr-Commit-Position: refs/heads/main@{#974832} Reviewed-by: Michal Klocek --- .../safe_browsing/core/realtime/url_lookup_service_base.cc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/chromium/components/safe_browsing/core/realtime/url_lookup_service_base.cc b/chromium/components/safe_browsing/core/realtime/url_lookup_service_base.cc index e035129c97a..226511eb3f8 100644 --- a/chromium/components/safe_browsing/core/realtime/url_lookup_service_base.cc +++ b/chromium/components/safe_browsing/core/realtime/url_lookup_service_base.cc @@ -281,9 +281,8 @@ void RealTimeUrlLookupServiceBase::MayBeCacheRealTimeUrlVerdict( if (response.threat_info_size() > 0) { base::PostTask(FROM_HERE, CreateTaskTraits(ThreadID::UI), base::BindOnce(&VerdictCacheManager::CacheRealTimeUrlVerdict, - base::Unretained(cache_manager_), url, - response, base::Time::Now(), - /* store_old_cache */ false)); + cache_manager_->GetWeakPtr(), url, response, + base::Time::Now(), /* store_old_cache */ false)); } } -- cgit v1.2.1