From 61961af43742315414dff769de4433a62c69a539 Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni
Date: Mon, 17 Jul 2023 12:02:21 +0200
Subject: [PATCH] chromium-uaf.yml: simple timer checker
---
 assets/semgrep_rules/c/chromium-uaf.yaml | 1 +
 t3sts/semgrep_rules/uaf.cpp | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/assets/semgrep_rules/c/chromium-uaf.yaml b/assets/semgrep_rules/c/chromium-uaf.yaml
index 23f729a1..572962f9 100644
--- a/assets/semgrep_rules/c/chromium-uaf.yaml
+++ b/assets/semgrep_rules/c/chromium-uaf.yaml
@@ -8,6 +8,7 @@ rules:
 - pattern-not-inside: receiver_.set_disconnect_with_reason_handler(...)
 - pattern-not-inside: remote_.set_disconnect_handler(...)
 - pattern-not-inside: remote_.set_disconnect_with_reason_handler(...)
+ - pattern-not-inside: timer_.Start(...)
 metadata:
 author: Andrea Brancaleoni
diff --git a/t3sts/semgrep_rules/uaf.cpp b/t3sts/semgrep_rules/uaf.cpp
index afd66005..0836de34 100644
--- a/t3sts/semgrep_rules/uaf.cpp
+++ b/t3sts/semgrep_rules/uaf.cpp
@@ -66,4 +66,9 @@ v8::Local uaf(v8::Isolate* isolate) {
 // ok: chromium-unretained-uaf
 remote_.set_disconnect_with_reason_handler(
 base::BindOnce(&LoggerImpl::OnError, base::Unretained(this)));
+
+ // ok: chromium-unretained-uaf
+ timer_.Start(FROM_HERE, base::Seconds(1),
+ base::BindRepeating(base::Unretained(this), 42));
+
 }
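Review bot: The new `pattern-not-inside: timer_.Start(...)` exclusion keys on the variable name alone, so every `base::Unretained(this)` anywhere inside a `Start` call on something named `timer_` is silenced, whatever its type or owner. The exclusion presumably relies on the timer being a member of the bound object, so that destroying the object also cancels the pending callback; that would not hold for a `timer_` that is shared or can outlive `this`, and those cases become false negatives. I would state the assumption next to the entry, e.g. `# only safe when timer_ is a member owned by this; destroying it cancels the task`. The rule's pattern list starts outside the hunk.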
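Review bot: The added fixture calls `base::BindRepeating(base::Unretained(this), 42)` with no callable as its first argument, unlike the `base::BindOnce(&LoggerImpl::OnError, base::Unretained(this))` case just above it, so it does not resemble the code the rule will meet in practice. I would write it as `base::BindRepeating(&LoggerImpl::OnError, base::Unretained(this)));`. Only an `// ok:` case is added; a `// ruleid: chromium-unretained-uaf` case with the same bind on a receiver the rule does not exclude would pin that the new exclusion does not over-suppress (the rest of the file is outside the hunk, so one may already exist). The body of `uaf` starts outside the hunk.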