Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(438)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/inspector/v8-console-message.cc

Issue 2436783003: [inspector] fix UAF in another part of console code (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/inspector/v8-console-message.cc
diff --git a/src/inspector/v8-console-message.cc b/src/inspector/v8-console-message.cc
index 1f50571ded02cce31e1dca0b2ba7621c246f577e..63f1d49faf324d4d8df4feaf155611f2a10daefa 100644
--- a/src/inspector/v8-console-message.cc
+++ b/src/inspector/v8-console-message.cc
@@ -229,9 +229,12 @@ void V8ConsoleMessage::reportToFrontend(
std::unique_ptr<protocol::Array<protocol::Runtime::RemoteObject>>
V8ConsoleMessage::wrapArguments(V8InspectorSessionImpl* session,
bool generatePreview) const {
- if (!m_arguments.size() || !m_contextId) return nullptr;
+ V8InspectorImpl* inspector = session->inspector();
+ int contextGroupId = session->contextGroupId();
+ int contextId = m_contextId;
+ if (!m_arguments.size() || !contextId) return nullptr;
InspectedContext* inspectedContext =
- session->inspector()->getContext(session->contextGroupId(), m_contextId);
+ inspector->getContext(contextGroupId, contextId);
if (!inspectedContext) return nullptr;
v8::Isolate* isolate = inspectedContext->isolate();
@@ -247,6 +250,8 @@ V8ConsoleMessage::wrapArguments(V8InspectorSessionImpl* session,
: v8::Local<v8::Value>();
std::unique_ptr<protocol::Runtime::RemoteObject> wrapped =
session->wrapTable(context, table, columns);
+ inspectedContext = inspector->getContext(contextGroupId, contextId);
+ if (!inspectedContext) return nullptr;
if (wrapped)
args->addItem(std::move(wrapped));
else
@@ -256,6 +261,8 @@ V8ConsoleMessage::wrapArguments(V8InspectorSessionImpl* session,
std::unique_ptr<protocol::Runtime::RemoteObject> wrapped =
session->wrapObject(context, m_arguments[i]->Get(isolate), "console",
generatePreview);
+ inspectedContext = inspector->getContext(contextGroupId, contextId);
+ if (!inspectedContext) return nullptr;
if (!wrapped) {
args = nullptr;
break;
@@ -269,9 +276,13 @@ V8ConsoleMessage::wrapArguments(V8InspectorSessionImpl* session,
void V8ConsoleMessage::reportToFrontend(protocol::Runtime::Frontend* frontend,
V8InspectorSessionImpl* session,
bool generatePreview) const {
+ int contextGroupId = session->contextGroupId();
+ V8InspectorImpl* inspector = session->inspector();
+
if (m_origin == V8MessageOrigin::kException) {
std::unique_ptr<protocol::Runtime::RemoteObject> exception =
wrapException(session, generatePreview);
+ if (!inspector->hasConsoleMessageStorage(contextGroupId)) return;
std::unique_ptr<protocol::Runtime::ExceptionDetails> exceptionDetails =
protocol::Runtime::ExceptionDetails::create()
.setExceptionId(m_exceptionId)
@@ -296,6 +307,7 @@ void V8ConsoleMessage::reportToFrontend(protocol::Runtime::Frontend* frontend,
if (m_origin == V8MessageOrigin::kConsole) {
std::unique_ptr<protocol::Array<protocol::Runtime::RemoteObject>>
arguments = wrapArguments(session, generatePreview);
+ if (!inspector->hasConsoleMessageStorage(contextGroupId)) return;
if (!arguments) {
arguments = protocol::Array<protocol::Runtime::RemoteObject>::create();
if (!m_message.isEmpty()) {
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698