angler-fishThe Vulnerability History Project

Protect WebURLLoaderImpl::Context while receiving responses.

      A client's didReceiveResponse can cancel a request; by protecting the
Context we avoid a use after free in this case.

Interestingly, we really had very good warning about this problem, see 
https://codereview.chromium.org/11900002/ back in January.

R=darin
BUG=241139

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=202821

Review URL: https://chromiumcodereview.appspot.com/15738007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@203935 0039d316-1c4b-4281-b951-d872f2087c98
by Gwendolyn the Sumatran Rhinoceros 2013-06-04 12:35:53 UTC
commit 5d7dc5133c623d55b650eeef2cdcd86079e494da
Chromium Fix Use After 404 CVE-2013-2873
content/browser/webkit_browsertest.cc
-15
content/test/data/error-body-no-crash.html
-6
webkit/glue/weburlloader_impl.cc
-1
expand_less