From e41f4b1857e13c223d8a639329cc784d603ac66e Mon Sep 17 00:00:00 2001 From: zxu Date: Fri, 9 Mar 2018 11:48:07 -0500 Subject: Merge Release 4.10.1 into Master (#896) * Version bumps for Firebase 4.10.1 (#891) * Minimal fix for b/74357976 (#890) Fixes b/74357976 which caused unauthenticated users to be unable to reach the Firestore backend and updates the changelog. * Copy all C++ strings to NSString where they're not obviously safe (#893) This fixes a known instances of memory corruption where in FSTLevelDBMutationQueue, the NSString view was retained for later, and the incorrect user was used, causing b/74381054. gRPC does not necessarily copy its string argumnets and if our hostname were configured to a non-default one it's possible that we could corrupt the host cache too. All remaining usages of util::WrapNSStringNoCopy are obviously safe: passed into logging or other known transient usages. * fix lint --- Firestore/Source/Local/FSTLevelDBMutationQueue.mm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Firestore/Source/Local') diff --git a/Firestore/Source/Local/FSTLevelDBMutationQueue.mm b/Firestore/Source/Local/FSTLevelDBMutationQueue.mm index 1f6484d..575e98d 100644 --- a/Firestore/Source/Local/FSTLevelDBMutationQueue.mm +++ b/Firestore/Source/Local/FSTLevelDBMutationQueue.mm @@ -94,7 +94,7 @@ static ReadOptions StandardReadOptions() { + (instancetype)mutationQueueWithUser:(const User &)user db:(std::shared_ptr)db serializer:(FSTLocalSerializer *)serializer { - NSString *userID = user.is_authenticated() ? util::WrapNSStringNoCopy(user.uid()) : @""; + NSString *userID = user.is_authenticated() ? util::WrapNSString(user.uid()) : @""; return [[FSTLevelDBMutationQueue alloc] initWithUserID:userID db:db serializer:serializer]; } @@ -103,7 +103,7 @@ static ReadOptions StandardReadOptions() { db:(std::shared_ptr)db serializer:(FSTLocalSerializer *)serializer { if (self = [super init]) { - _userID = userID; + _userID = [userID copy]; _db = db; _serializer = serializer; } -- cgit v1.2.3