From 4de3b11d0c7b224681a6f0fae2d26f6f3a5fdca0 Mon Sep 17 00:00:00 2001 From: Pedro Pontes Date: Mon, 2 May 2022 15:18:54 +0200 Subject: [PATCH 1/2] chore: cherry-pick 5361d836ae from chromium --- patches/chromium/.patches | 1 + ...to_webgpudecoderimpl_dorequestdevice.patch | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 patches/chromium/m96-lts_add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch diff --git a/patches/chromium/.patches b/patches/chromium/.patches index 9accad4fb4da6..649f333663e84 100644 --- a/patches/chromium/.patches +++ b/patches/chromium/.patches @@ -174,3 +174,4 @@ skia_renderer_-_don_t_explicitly_clip_scissor_for_large_transforms.patch skia_renderer_use_rectf_intersect_in_applyscissor.patch cherry-pick-1a31e2110440.patch m100_change_ownership_of_blobbytesprovider.patch +m96-lts_add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch diff --git a/patches/chromium/m96-lts_add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch b/patches/chromium/m96-lts_add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch new file mode 100644 index 0000000000000..d40747ce729bb --- /dev/null +++ b/patches/chromium/m96-lts_add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Austin Eng +Date: Mon, 25 Apr 2022 21:01:40 +0000 +Subject: [M96-LTS] Add bounds check to WebGPUDecoderImpl::DoRequestDevice + +(cherry picked from commit bee4701c99cbbbb25c0bd6c5c79a40f63f1b1e47) + +Fixed: chromium:1314754 +Change-Id: Id23af9cc3df08cca3ce7d627e3761c9a65a2c802 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3580555 +Commit-Queue: Austin Eng +Cr-Original-Commit-Position: refs/heads/main@{#991510} +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3589810 +Reviewed-by: Achuith Bhandarkar +Owners-Override: Achuith Bhandarkar +Commit-Queue: Roger Felipe Zanoni da Silva +Cr-Commit-Position: refs/branch-heads/4664@{#1603} +Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512} + +diff --git a/gpu/command_buffer/service/webgpu_decoder_impl.cc b/gpu/command_buffer/service/webgpu_decoder_impl.cc +index 703dd4c1aee81aa8b05733b91d1de05b87ff1c0b..507595e2bb5d47128fc6e08dbadf21c43d36cdf0 100644 +--- a/gpu/command_buffer/service/webgpu_decoder_impl.cc ++++ b/gpu/command_buffer/service/webgpu_decoder_impl.cc +@@ -582,13 +582,13 @@ error::Error WebGPUDecoderImpl::InitDawnDevice( + uint32_t device_generation, + const WGPUDeviceProperties& request_device_properties, + bool* creation_succeeded) { +- DCHECK_LE(0, requested_adapter_index); +- +- DCHECK_LT(static_cast(requested_adapter_index), +- dawn_adapters_.size()); +- + *creation_succeeded = false; + ++ if (requested_adapter_index < 0 || ++ static_cast(requested_adapter_index) >= dawn_adapters_.size()) { ++ return error::kOutOfBounds; ++ } ++ + dawn_native::DeviceDescriptor device_descriptor; + if (request_device_properties.textureCompressionBC) { + device_descriptor.requiredExtensions.push_back("texture_compression_bc"); From bc068686d77df1173220bde7c1250aa870b05cae Mon Sep 17 00:00:00 2001 From: PatchUp <73610968+patchup[bot]@users.noreply.github.com> Date: Mon, 2 May 2022 13:30:23 +0000 Subject: [PATCH 2/2] chore: update patches --- ..._add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/chromium/m96-lts_add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch b/patches/chromium/m96-lts_add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch index d40747ce729bb..941dccaf2ac21 100644 --- a/patches/chromium/m96-lts_add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch +++ b/patches/chromium/m96-lts_add_bounds_check_to_webgpudecoderimpl_dorequestdevice.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Austin Eng Date: Mon, 25 Apr 2022 21:01:40 +0000 -Subject: [M96-LTS] Add bounds check to WebGPUDecoderImpl::DoRequestDevice +Subject: Add bounds check to WebGPUDecoderImpl::DoRequestDevice (cherry picked from commit bee4701c99cbbbb25c0bd6c5c79a40f63f1b1e47)