ckerr

#51069: fix: UAF in api::UtilityProcessWrapper

Merged
Created: Apr 15, 2026, 1:13:23 PM
Merged: Apr 15, 2026, 6:56:57 PM
6 comments
Target: main

Description of Change

Detach the wrapper from ServiceProcessHost during termination instead of waiting for destruction. Add a regression test that forces GC.

This fixes a UAF error reported by ASAN: the wrapper lost its last JS reference and became collectible after emitting exit but before it had been removed from the global observer list.

I think this was introduced in b9e462f (#50955) when UtilityProcessWrapper was migrated to cppgc and we should probably include this fix when backporting that to 42-x-y. Marking as no-backport only because this fix shouldn't land separately w/o #50955.

CC @deepak1556 @dsanders11
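
The lifetime window described above, as an added example that is not code from this pull request or from Electron: a simplified model comparing detach-on-destruction with detach-on-termination. All names (ObserverList, Wrapper, DetachPolicy, HandleTermination, EntriesAtRisk) are hypothetical, and the collectible flag stands in for the garbage collector's view of the object; cppgc itself is not modelled.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Simplified model, not Electron code: every name here is hypothetical.
struct Wrapper;

// Stands in for the global observer list; it stores raw, non-owning pointers.
struct ObserverList {
  std::vector<Wrapper*> observers;
  void Add(Wrapper* w) { observers.push_back(w); }
  void Remove(Wrapper* w) {
    observers.erase(std::remove(observers.begin(), observers.end(), w),
                    observers.end());
  }
};

enum class DetachPolicy { kOnDestruction, kOnTermination };

struct Wrapper {
  ObserverList& list;
  DetachPolicy policy;
  bool collectible = false;  // true once the last JS reference is gone
  Wrapper(ObserverList& l, DetachPolicy p) : list(l), policy(p) { list.Add(this); }
  ~Wrapper() { list.Remove(this); }  // no-op if already detached
  // Process terminated: 'exit' is emitted, then nothing keeps the wrapper alive.
  void HandleTermination() {
    if (policy == DetachPolicy::kOnTermination) list.Remove(this);
    collectible = true;
  }
};

// Counts list entries that a GC cycle would be free to reclaim right now.
// Each one is a pointer the list could still dereference after reclamation.
std::size_t EntriesAtRisk(const ObserverList& list) {
  return static_cast<std::size_t>(
      std::count_if(list.observers.begin(), list.observers.end(),
                    [](const Wrapper* w) { return w->collectible; }));
}

// Runs one wrapper through termination and inspects the list before the
// wrapper's destructor has run (w is still alive, so reading it is safe).
std::size_t AtRiskAfterExit(DetachPolicy policy) {
  ObserverList list;
  Wrapper w(list, policy);
  w.HandleTermination();
  return EntriesAtRisk(list);
}
```
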

Release Notes

Notes: none.

Backports

No Backports Requested

This pull request doesn't have any backports requested or created for older release branches.
