Skip to content

Commit

Permalink
fix: crash when invoking login callback synchronously (#30068) (#30091)
Browse files Browse the repository at this point in the history
  • Loading branch information
nornagon authored Jul 14, 2021
1 parent cb614d1 commit 945ecdd
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion shell/browser/login_handler.cc
Original file line number Diff line number Diff line change
Expand Up @@ -69,11 +69,15 @@ void LoginHandler::EmitEvent(
details.Set("firstAuthAttempt", first_auth_attempt);
details.Set("responseHeaders", response_headers.get());

auto weak_this = weak_factory_.GetWeakPtr();
bool default_prevented =
api_web_contents->Emit("login", std::move(details), auth_info,
base::BindOnce(&LoginHandler::CallbackFromJS,
weak_factory_.GetWeakPtr()));
if (!default_prevented && auth_required_callback_) {
// ⚠️ NB, if CallbackFromJS is called during Emit(), |this| will have been
// deleted. Check the weak ptr before accessing any member variables to
// prevent UAF.
if (weak_this && !default_prevented && auth_required_callback_) {
std::move(auth_required_callback_).Run(base::nullopt);
}
}
Expand Down

0 comments on commit 945ecdd

Please sign in to comment.