diff --git a/assets/semgrep_rules/c/chromium-uaf.yaml b/assets/semgrep_rules/c/chromium-uaf.yaml
index 23f729a1..572962f9 100644
--- a/assets/semgrep_rules/c/chromium-uaf.yaml
+++ b/assets/semgrep_rules/c/chromium-uaf.yaml
@@ -8,6 +8,7 @@ rules:
       - pattern-not-inside: receiver_.set_disconnect_with_reason_handler(...)
       - pattern-not-inside: remote_.set_disconnect_handler(...)
       - pattern-not-inside: remote_.set_disconnect_with_reason_handler(...)
+      - pattern-not-inside: timer_.Start(...)
   metadata:
     author: Andrea Brancaleoni
diff --git a/t3sts/semgrep_rules/uaf.cpp b/t3sts/semgrep_rules/uaf.cpp
index afd66005..0836de34 100644
--- a/t3sts/semgrep_rules/uaf.cpp
+++ b/t3sts/semgrep_rules/uaf.cpp
@@ -66,4 +66,9 @@ v8::Local uaf(v8::Isolate* isolate) {
   // ok: chromium-unretained-uaf
   remote_.set_disconnect_with_reason_handler(
       base::BindOnce(&LoggerImpl::OnError, base::Unretained(this)));
+
+  // ok: chromium-unretained-uaf
+  timer_.Start(FROM_HERE, base::Seconds(1),
+               base::BindRepeating(base::Unretained(this), 42));
+
 }
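Review bot: The new exclusion `timer_.Start(...)` suppresses the Unretained finding on the member name alone, so it is only sound when `timer_` is a `base::OneShotTimer`/`base::RepeatingTimer` owned by `this`, whose destructor cancels the pending callback before the object is gone; a member of another type that happens to be called `timer_`, or a timer whose lifetime exceeds the object, is silenced just the same. Unlike a `pattern-not-inside` on a disconnect handler, a timer exclusion is also the most likely of the list to be copied for other scheduling APIs, so the rationale should be recorded where the exclusion lives. Suggested comment above the added line: `# base::Timer members stop their callback in the destructor, so Unretained(this) cannot outlive the callee; this matches on the member name only.` A sibling `ruleid:` fixture for a non-member timer would make the boundary of the exclusion testable, but that is a separate change.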
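Review bot: The new `ok:` case passes `base::Unretained(this)` as the callable itself, `base::BindRepeating(base::Unretained(this), 42)` has no method pointer, which is not the shape the rule meets in real Chromium code and differs from the neighbouring case that binds `&LoggerImpl::OnError`; if the rule's positive pattern anchors on a Bind call with a method pointer, this fixture may not even exercise the new exclusion. Writing it as `timer_.Start(FROM_HERE, base::Seconds(1), base::BindRepeating(&LoggerImpl::OnError, base::Unretained(this)));` keeps the fixture representative of what `timer_.Start(...)` is meant to suppress. The empty `+` line added directly before the closing `}` looks accidental. The enclosing function `uaf` begins outside the hunk.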