Potential UAF when deleting a webview that's displaying fullscreen Flash content
Bug #1510963 reported by Chris Coulson
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Oxide | Fix Released | High | Chris Coulson | |
Bug Description
If a webview that is displaying fullscreen Flash content is deleted, we don't correctly null out the |container_| pointer on RWHV, which could result in a use-after-free.
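The bug class described above, as an added example that is not Oxide's code: a view keeps a raw `container_` back-pointer, and the owner's teardown must clear it on every view that holds one, including the fullscreen view. `View`, `Container`, `QueryScale` and the `detach_fullscreen` switch are hypothetical names used only to show the incomplete teardown beside the complete one.

```cpp
#include <cstdio>
class Container;  // hypothetical stand-in for the webview-side object

// Hypothetical stand-in for an RWHV: it can outlive the container and holds
// a raw, non-owning back-pointer to it.
class View {
 public:
  void SetContainer(Container* c) { container_ = c; }
  bool HasContainer() const { return container_ != nullptr; }
  // Every use of the back-pointer is guarded, so a detached view is inert.
  int QueryScale() const;
 private:
  Container* container_ = nullptr;
};

class Container {
 public:
  Container(View* main, View* fullscreen, bool detach_fullscreen)
      : main_(main), fullscreen_(fullscreen),
        detach_fullscreen_(detach_fullscreen) {
    main_->SetContainer(this);
    if (fullscreen_) fullscreen_->SetContainer(this);
  }
  ~Container() {
    main_->SetContainer(nullptr);
    // The fullscreen view is a second holder of the back-pointer. Skipping
    // it (detach_fullscreen_ == false) models the incomplete teardown.
    if (fullscreen_ && detach_fullscreen_) fullscreen_->SetContainer(nullptr);
  }
  int scale() const { return 2; }
 private:
  View* main_;
  View* fullscreen_;
  bool detach_fullscreen_;
};

int View::QueryScale() const { return container_ ? container_->scale() : -1; }

// True if the fullscreen view still holds a (now dangling) pointer after the
// container has been destroyed. The pointer is only compared, never used.
bool FullscreenViewLeftDangling(bool detach_fullscreen) {
  View main_view, fullscreen_view;
  { Container c(&main_view, &fullscreen_view, detach_fullscreen); }
  return fullscreen_view.HasContainer();
}

int main() {
  std::printf("dangling: incomplete=%d complete=%d\n",
              FullscreenViewLeftDangling(false),
              FullscreenViewLeftDangling(true));
}
```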
Changed in oxide:
importance: Undecided → High
status: New → In Progress
assignee: nobody → Chris Coulson (chrisccoulson)
milestone: none → branch-1.12
Changed in oxide:
status: In Progress → Fix Released