Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 1894458e04a2 from chromium #36301

Merged
merged 4 commits into from Nov 11, 2022
+38 −0
Merged

chore: cherry-pick 1894458e04a2 from chromium #36301

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3588000
chore: [19-x-y] cherry-pick 1894458e04a2 from chromium
ppontes Nov 10, 2022
03152fe
chore: update patches
patchup[bot] Nov 10, 2022
1704867
Merged in branch '19-x-y' to fix mergability
electron-patch-conflict-fixer[bot] Nov 10, 2022
34b850d
Merge branch '19-x-y' into cherry-pick/19-x-y/chromium/1894458e04a2
jkleinsc Nov 10, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions patches/chromium/.patches
View file
Open in desktop
Expand Up @@ -154,5 +154,6 @@ cherry-pick-d5ffb4dd4112.patch
cherry-pick-06c87f9f42ff.patch
refresh_cached_attributes_before_name_computation_traversal.patch
review_add_clear_children_checks_during_accname_traversal.patch
cherry-pick-1894458e04a2.patch
cherry-pick-a1cbf05b4163.patch
cherry-pick-ac4785387fff.patch
37 changes: 37 additions & 0 deletions patches/chromium/cherry-pick-1894458e04a2.patch
View file
Open in desktop
@@ -0,0 +1,37 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Joshua Peraza <jperaza@chromium.org>
Date: Thu, 3 Nov 2022 21:18:35 +0000
Subject: Validate number of bytes read

Original commit:
https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3994208

(cherry picked from commit 7585111a6c1dfa502f3ca1e3d27aed066e479fd9)

Bug: chromium:1380083
Change-Id: If9708ccdbf6957ef169b35f8f89e2b0744d066d7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4000305
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/5359@{#529}
Cr-Original-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4004067
Cr-Commit-Position: refs/branch-heads/5249@{#905}
Cr-Branched-From: 4f7bea5de862aaa52e6bde5920755a9ef9db120b-refs/heads/main@{#1036826}

diff --git a/third_party/crashpad/crashpad/util/linux/ptrace_client.cc b/third_party/crashpad/crashpad/util/linux/ptrace_client.cc
index 1863841f73f64d89391646f5c3e5fc2e2766a6cc..32cc35d9567117fe0eb6f1ec4736ac4a15ddfd83 100644
--- a/third_party/crashpad/crashpad/util/linux/ptrace_client.cc
+++ b/third_party/crashpad/crashpad/util/linux/ptrace_client.cc
@@ -331,6 +331,11 @@ ssize_t PtraceClient::ReadUpTo(VMAddress address, size_t size, void* buffer) {
return total_read;
}

+ if (static_cast<size_t>(bytes_read) > size) {
+ LOG(ERROR) << "invalid size " << bytes_read;
+ return -1;
+ }
+
if (!LoggingReadFileExactly(sock_, buffer_c, bytes_read)) {
return -1;
}