summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-02-07 12:39:42 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-02-07 12:39:42 +0100
commit2b1ccf227b8f409e0572119018c7615b877a6612 (patch)
treea7928199cc3f9b144f09ab102ab6655edd50a5e3
parentf8db3a89b664ce5a53a4b663daf17c70bdaf398d (diff)
downloadUXP-2b1ccf227b8f409e0572119018c7615b877a6612.tar
UXP-2b1ccf227b8f409e0572119018c7615b877a6612.tar.gz
UXP-2b1ccf227b8f409e0572119018c7615b877a6612.tar.lz
UXP-2b1ccf227b8f409e0572119018c7615b877a6612.tar.xz
UXP-2b1ccf227b8f409e0572119018c7615b877a6612.zip
Get RefPtr to transaction before using it. (DiD)
Avoid potential use-after-free by getting a RefPtr to a transaction before calling content code that could cause its de-allocation.
-rw-r--r--dom/indexedDB/ActorsChild.cpp4
1 files changed, 3 insertions, 1 deletions
diff --git a/dom/indexedDB/ActorsChild.cpp b/dom/indexedDB/ActorsChild.cpp
index 3e8f97348..c4fcceb90 100644
--- a/dom/indexedDB/ActorsChild.cpp
+++ b/dom/indexedDB/ActorsChild.cpp
@@ -3456,6 +3456,8 @@ BackgroundCursorChild::RecvResponse(const CursorResponse& aResponse)
RefPtr<IDBCursor> cursor;
mStrongCursor.swap(cursor);
+
+ RefPtr<IDBTransaction> transaction = mTransaction;
switch (aResponse.type()) {
case CursorResponse::Tnsresult:
@@ -3486,7 +3488,7 @@ BackgroundCursorChild::RecvResponse(const CursorResponse& aResponse)
MOZ_CRASH("Should never get here!");
}
- mTransaction->OnRequestFinished(/* aActorDestroyedNormally */ true);
+ transaction->OnRequestFinished(/* aActorDestroyedNormally */ true);
return true;
}