Commit 786227a
[Backport] CVE-2023-2134: Out of bounds memory access in Service Worker API
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4406580:
Stop supporting { handleEvent }.
M108 merge issues:
content_unittests_bundle_data.filelist:
Not present in 108, skipped; Only used in iOS tests on main
Make the code aligned with the following specification update:
w3c/ServiceWorker#1676
With the previous specification and code, event listener vector
can be modified during the GetEffectiveFunction execution, which may
bring unexpected vector state.
(cherry picked from commit 5105ce37a6853d52ec97894bf6969b3c29a23afd)
Change-Id: I732c4c9ab2caebc49a7f4ef52640df7b8476d838
Bug: 1429201
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4394402
Commit-Queue: Yoshisato Yanagisawa <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1126483}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4406580
Commit-Queue: Roger Felipe Zanoni da Silva <[email protected]>
Reviewed-by: Yoshisato Yanagisawa <[email protected]>
Cr-Commit-Position: refs/branch-heads/5359@{#1449}
Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/474621
Reviewed-by: Allan Sandfeld Jensen <[email protected]>1 parent b2e45eb commit 786227a
File tree
1 file changed
+3
-3
lines changed- chromium/third_party/blink/renderer/modules/service_worker
1 file changed
+3
-3
lines changedLines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2604 | 2604 | | |
2605 | 2605 | | |
2606 | 2606 | | |
2607 | | - | |
| 2607 | + | |
2608 | 2608 | | |
2609 | 2609 | | |
2610 | 2610 | | |
2611 | 2611 | | |
2612 | 2612 | | |
2613 | 2613 | | |
2614 | 2614 | | |
2615 | | - | |
2616 | | - | |
| 2615 | + | |
| 2616 | + | |
2617 | 2617 | | |
2618 | 2618 | | |
2619 | 2619 | | |
| |||
0 commit comments