electron/patches/chromium/cherry-pick-c1cda70a433a.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Mike Wasserman <msw@chromium.org>
Date: Thu, 21 Dec 2023 22:33:05 +0000
Subject: Speculative fix for UAF in
 content::WebContentsImpl::ExitFullscreenMode

Bug: 1506535, 854815
Change-Id: Iace64d63f8cea2dbfbc761ad233db42451ec101c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5146875
Commit-Queue: John Abd-El-Malek <jam@chromium.org>
Auto-Submit: Mike Wasserman <msw@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1240353}

diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index dd060f4207516af6b7db21593dcbed3848d47409..0ecc7989e7bfa459c80b4fe10705781257dd9b7d 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -3748,7 +3748,12 @@ void WebContentsImpl::ExitFullscreenMode(bool will_cause_resize) {
     static_cast<RenderWidgetHostViewBase*>(view)->ExitFullscreenMode();
 
   if (delegate_) {
+    // This may spin the message loop and destroy this object crbug.com/1506535
+    base::WeakPtr<WebContentsImpl> weak_ptr = weak_factory_.GetWeakPtr();
     delegate_->ExitFullscreenModeForTab(this);
+    if (!weak_ptr) {
+      return;
+    }
 
     if (keyboard_lock_widget_)
       delegate_->CancelKeyboardLockRequest(this);