fix: [FileSystem] Harden against overflows of OperationID a bit better #18572

Merged
merged 3 commits into from Jun 4, 2019

@miniak (Contributor) commented Jun 2, 2019

Description of Change

Backport fix for https://bugs.chromium.org/p/chromium/issues/detail?id=925864
https://chromium.googlesource.com/chromium/src.git/+/b38064dbb21aaf32151073dcb7d594b240c68f73

[FileSystem] Harden against overflows of OperationID a bit better.

Rather than having a UAF when OperationID overflows instead overwrite
the old operation with the new one. Can still cause weirdness, but at
least won't result in UAF. Also update OperationID to uint64_t to
make sure we don't overflow to begin with.

/cc @electron/wg-security

Release Notes

Notes: Backported fix for https://bugs.chromium.org/p/chromium/issues/detail?id=925864.
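
The failure mode the commit message above describes, as an added example that is not code from this pull request, Electron, or Chromium. `Operation`, `Runner`, `BeginEmplace`, `BeginOverwrite` and `NewestSurvives` are hypothetical names, the non-replacing insert is an assumed shape for the pre-fix code, and an 8-bit ID stands in for a counter narrow enough to wrap:

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <utility>

// Hypothetical stand-in for a pending operation; it records its own destruction
// so the demo never has to touch freed memory.
struct Operation {
  explicit Operation(bool* destroyed) : destroyed_(destroyed) {}
  ~Operation() { *destroyed_ = true; }
  bool* destroyed_;
};

// Hypothetical registry that owns operations keyed by an incrementing IdT.
template <typename IdT>
class Runner {
 public:
  // Assumed pre-fix shape: emplace() never replaces an existing key, so on an
  // ID collision `op` is destroyed on return and any raw pointer to it dangles.
  void BeginEmplace(std::unique_ptr<Operation> op) {
    ops_.emplace(next_id_++, std::move(op));
  }
  // Hardened shape: the new operation replaces the stale entry and stays owned.
  void BeginOverwrite(std::unique_ptr<Operation> op) {
    ops_[next_id_++] = std::move(op);
  }
 private:
  IdT next_id_ = 0;
  std::map<IdT, std::unique_ptr<Operation>> ops_;
};

constexpr int kOps = 257;  // one more than a uint8_t counter can distinguish

// Registers kOps operations that all stay pending. Returns true if the newest
// one is still alive afterwards, i.e. a caller's raw pointer to it is valid.
template <typename IdT>
bool NewestSurvives(bool overwrite) {
  bool destroyed[kOps] = {};  // declared first so it outlives the runner
  Runner<IdT> runner;
  for (int i = 0; i < kOps; ++i) {
    auto op = std::make_unique<Operation>(&destroyed[i]);
    if (overwrite) runner.BeginOverwrite(std::move(op));
    else runner.BeginEmplace(std::move(op));
  }
  return !destroyed[kOps - 1];
}

int main() {
  return NewestSurvives<std::uint8_t>(true) ? 0 : 1;
}
```

With the overwrite path the oldest pending operation is the one that gets dropped on a collision, which matches the "can still cause weirdness" caveat; the wide ID type keeps the collision from happening at all.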

@miniak miniak requested a review from electron/wg-security Jun 2, 2019

@miniak miniak self-assigned this Jun 2, 2019

zcbenz approved these changes Jun 3, 2019

@miniak miniak added the backport label Jun 3, 2019

@alexeykuzmin (Contributor) commented Jun 3, 2019

@miniak Can you please fix conflicts?

@codebytere codebytere merged commit a6f9b6f into 4-2-x Jun 4, 2019

12 of 13 checks passed

Valid Backport Invalid Backport
Artifact Comparison No Changes
Semantic Pull Request ready to be squashed
WIP Ready for review
appveyor: win-ia32-testing AppVeyor build succeeded
appveyor: win-ia32-testing-pr AppVeyor build succeeded
appveyor: win-x64-testing AppVeyor build succeeded
appveyor: win-x64-testing-pr AppVeyor build succeeded
build-linux Workflow: build-linux
build-mac Workflow: build-mac
electron-arm-testing Build #20190604.27 succeeded
electron-arm64-testing Build #20190604.27 succeeded
release-notes Release notes found

@release-clerk commented Jun 4, 2019

Release Notes Persisted

Backported fix for https://bugs.chromium.org/p/chromium/issues/detail?id=925864.

@codebytere codebytere deleted the miniak/backport-925864-4-2-x branch Jun 4, 2019
