From 2b1ccf227b8f409e0572119018c7615b877a6612 Mon Sep 17 00:00:00 2001
From: wolfbeast
Date: Thu, 7 Feb 2019 12:39:42 +0100
Subject: Get RefPtr to transaction before using it. (DiD)
Avoid potential use-after-free by getting a RefPtr to a transaction before calling content code that could cause its de-allocation.
---
 dom/indexedDB/ActorsChild.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'dom')
diff --git a/dom/indexedDB/ActorsChild.cpp b/dom/indexedDB/ActorsChild.cpp
index 3e8f97348..c4fcceb90 100644
--- a/dom/indexedDB/ActorsChild.cpp
+++ b/dom/indexedDB/ActorsChild.cpp
@@ -3456,6 +3456,8 @@ BackgroundCursorChild::RecvResponse(const CursorResponse& aResponse)
 RefPtr cursor;
 mStrongCursor.swap(cursor);
+
+ RefPtr transaction = mTransaction;
 switch (aResponse.type()) {
 case CursorResponse::Tnsresult:
@@ -3486,7 +3488,7 @@ BackgroundCursorChild::RecvResponse(const CursorResponse& aResponse)
 MOZ_CRASH("Should never get here!");
 }
- mTransaction->OnRequestFinished(/* aActorDestroyedNormally */ true);
+ transaction->OnRequestFinished(/* aActorDestroyedNormally */ true);
 return true;
 }
--
cgit v1.2.3
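Review bot: The new local `RefPtr transaction = mTransaction;` in the first hunk carries no comment explaining why it exists, so a later cleanup could fold it back into a direct `mTransaction->` call and reintroduce the lifetime hazard the commit message describes. I would add a line above it such as `// Keep the transaction alive: the handlers below can run content code that releases mTransaction.` The second hunk only protects the final `OnRequestFinished` call. Whether the per-case handlers inside the switch still read `mTransaction` after content code has run cannot be seen from here, since they lie outside both hunks, and is worth checking. RecvResponse begins before the first hunk.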