[history] Fix unchecked chrome.send param in ForeignSessionHandler
The bug describes that a heap overflow can be triggered by using chrome.send to send an invalid message to the C++ handler. That was true because the C++ handler did not check the bounds of the array before using the parameter.

This code is essentially unowned, but I'm fixing it because I'm listed as a History owner.

Bug: 1408120
Change-Id: Ia8f049ca8bc35bbe63122affcb24b83d7d9cdb62
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4226314
Code-Coverage: Findit <findit-for-me@appspot.gserviceaccount.com>
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Commit-Queue: Demetrios Papadopoulos <dpapad@chromium.org>
Auto-Submit: Tommy Li <tommycli@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1102408}

Tommy C. Li authored and Chromium LUCI CQ committed Feb 7, 2023
1 parent 28947b7, commit 70617a3

Showing 2 changed files with 13 additions and 18 deletions.