Fix heap-use-after-free in CefBrowserMessageFilter::OnFrameFocused (issue #1567).

git-svn-id: https://chromiumembedded.googlecode.com/svn/branches/2272@2050 5089003a-bbd8-11dd-ad1f-f1f9622dbc98
2025-06-05 21:39:12 +02:00 · 2015-03-04 19:24:58 +00:00
parent b411bcabed
commit c61d698b35
1 changed files with 5 additions and 0 deletions
--- a/libcef/browser/browser_message_filter.cc
+++ b/libcef/browser/browser_message_filter.cc
@@ -35,6 +35,8 @@ void CefBrowserMessageFilter::OnFilterAdded(IPC::Sender* sender) {
 }

 void CefBrowserMessageFilter::OnFilterRemoved() {
+  host_ = NULL;
+  sender_ = NULL;
 }

 bool CefBrowserMessageFilter::OnMessageReceived(const IPC::Message& message) {
@@ -124,6 +126,9 @@ void CefBrowserMessageFilter::OnFrameFocused(int32 render_frame_routing_id) {
    return;
  }

+  if (!host_)
+    return;
+
  CefRefPtr<CefBrowserHostImpl> browser =
      CefBrowserHostImpl::GetBrowserForFrame(host_->GetID(),
                                             render_frame_routing_id);