Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick f1504440487f from chromium #34541

Merged
merged 3 commits into from Jun 15, 2022
Merged

chore: cherry-pick f1504440487f from chromium #34541

merged 3 commits into from Jun 15, 2022

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Jun 14, 2022
edited

PaintOpReader: Harden PaintImage deserialization

This fix prevents the deserialization of PaintImage pixel data from
reading data out of bounds when the block of serialized pixel data isn't
large enough to cover the expected amount of data, given the size and
format of the image.

(cherry picked from commit e89ea1489429a9a9e49e70d5d4e8d018fbafb6ac)

Bug: 1325298
Change-Id: Icbeb405d2031d7d8ce4537836d7996ce7885f6d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3669596
Commit-Queue: Justin Novosad junov@chromium.org
Reviewed-by: Jonathan Ross jonross@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1007804}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3687975
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Reviewed-by: Justin Novosad junov@chromium.org
Auto-Submit: Srinivas Sista srinivassista@chromium.org
Commit-Queue: Srinivas Sista srinivassista@chromium.org
Cr-Commit-Position: refs/branch-heads/5005@{#1093}
Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}

Notes: Backported fix for CVE-2022-2010.

@ppontes ppontes requested review from a team as code owners June 14, 2022 16:12
@ppontes ppontes added 17-x-y backport-check-skip Skip trop's backport validity checking semver/patch backwards-compatible bug fixes labels Jun 14, 2022
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Jun 14, 2022
@jkleinsc jkleinsc merged commit 9e5aec2 into 17-x-y Jun 15, 2022
@jkleinsc jkleinsc deleted the cherry-pick/17-x-y/chromium/f1504440487f branch June 15, 2022 15:32
@release-clerk
Copy link

release-clerk bot commented Jun 15, 2022

Release Notes Persisted

Backported fix for CVE-2022-2010.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkleinsc jkleinsc jkleinsc approved these changes

@zcbenz zcbenz zcbenz approved these changes

Assignees
No one assigned
Labels
17-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ppontes @jkleinsc @zcbenz @electron-bot