Fix potential UAF in MediaStreamTrackImpl [chromium/src : main]
0 views
Skip to first unread message
Evan Liu (Gerrit)
Jul 7, 2025, 8:38:26 PM7/7/25
to Olga Sharonova, chromium...@chromium.org, blink-...@chromium.org, feature-me...@chromium.org, kinuko...@chromium.org, tommyw+w...@chromium.org
Attention needed from Olga Sharonova
Evan Liu voted Commit-Queue+1![]( "Open in Gerrit")
| Commit-Queue | +1 |
Related details
Attention is currently required from:
- Olga Sharonova
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Mark Foltz (Gerrit)
Jul 10, 2025, 8:18:38 PM7/10/25
to Evan Liu, Mark Foltz, Chromium LUCI CQ, chromium...@chromium.org, blink-...@chromium.org, feature-me...@chromium.org, kinuko...@chromium.org, tommyw+w...@chromium.org
Attention needed from Evan Liu
Mark Foltz voted and added 1 comment![]( "Open in Gerrit")
Votes added by Mark Foltz
| Code-Review | +1 |
1 comment
Patchset-level comments
File-level comment, Patchset 2 (Latest):
Mark Foltz . resolved
Can you CC me on the issue so I can understand the root cause?
From looking at the test, it seemed hard to trigger from script.
Related details
Attention is currently required from:
- Evan Liu
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Evan Liu (Gerrit)
Jul 10, 2025, 9:50:25 PM7/10/25
to Mark Foltz, Chromium LUCI CQ, chromium...@chromium.org, blink-...@chromium.org, feature-me...@chromium.org, kinuko...@chromium.org, tommyw+w...@chromium.org
Evan Liu added 1 comment![]( "Open in Gerrit")
Patchset-level comments
Mark Foltz . resolved
Can you CC me on the issue so I can understand the root cause?
From looking at the test, it seemed hard to trigger from script.
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Evan Liu (Gerrit)
Jul 14, 2025, 1:46:18 PM7/14/25
to Mark Foltz, Chromium LUCI CQ, chromium...@chromium.org, blink-...@chromium.org, feature-me...@chromium.org, kinuko...@chromium.org, tommyw+w...@chromium.org
Evan Liu voted Commit-Queue+2![]( "Open in Gerrit")
| Commit-Queue | +2 |
Related details
Attention set is empty
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Chromium LUCI CQ (Gerrit)
Jul 14, 2025, 3:22:10 PM7/14/25
to Evan Liu, Mark Foltz, chromium...@chromium.org, blink-...@chromium.org, feature-me...@chromium.org, kinuko...@chromium.org, tommyw+w...@chromium.org
Chromium LUCI CQ submitted the change![]( "Open in Gerrit")
Change information
Commit message:
Fix potential UAF in MediaStreamTrackImpl
This CL fixes a potential UAF vulnerability in MediaStreamTrackImpl
where pointers to the SpeechRecognitionMediaStreamAudioSinks that are
owned by the MediaStreamTrackImpl could potentially be accessed after
the sinks are destroyed.
Fixed: 426054987
Change-Id: I453160a8eed7926e2cc3500260de04d2722c98e1
Commit-Queue: Evan Liu <ev...@google.com>
Reviewed-by: Mark Foltz <mfo...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1486476}
Files:
- M third_party/blink/renderer/modules/mediastream/media_stream_track_impl.cc
- M third_party/blink/renderer/modules/mediastream/media_stream_track_impl.h
- M third_party/blink/renderer/modules/mediastream/media_stream_track_impl_test.cc
Change size: M
Delta: 3 files changed, 79 insertions(+), 18 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Mark Foltz
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages