Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 1121a459f094 from angle #35425

Merged
merged 1 commit into from Aug 25, 2022
Merged

chore: cherry-pick 1121a459f094 from angle #35425

merged 1 commit into from Aug 25, 2022

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Aug 24, 2022

M104: Vulkan: Fix xfb buffer redefine to smaller size

In 89e11878b275b15735eaf273ababfa6fd43a2e3d, a use-after-free bug was
fixed where glBufferData redefined a buffer, leading to a change in
storage. This was only tested for the case where the new buffer was
larger than the old buffer.

When the new buffer is smaller however, another issue remains where the
buffer size as cached by the transform feedback object used the old
object's size. This is worked around in this change, with a fix for the
real issue (that the buffer state is updated after calling into the
backend instead of before) coming up.

Bug: chromium:1345042
Change-Id: I7bafd51b6203a419e5ef123da26b9e1eaf079bf1
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/3812556
Reviewed-by: Ian Elliott ianelliott@google.com

Ref electron/security#198

Notes: Security: backported fix for CVE-2022-2855.

@ppontes ppontes requested review from a team as code owners August 24, 2022 13:40
@ppontes ppontes added 19-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes labels Aug 24, 2022
@ppontes ppontes force-pushed the cherry-pick/19-x-y/angle/1121a459f094 branch from c2daa4c to 1933561 Compare August 24, 2022 14:07
@zcbenz zcbenz merged commit 0d207d2 into 19-x-y Aug 25, 2022
@zcbenz zcbenz deleted the cherry-pick/19-x-y/angle/1121a459f094 branch August 25, 2022 06:43
@release-clerk
Copy link

release-clerk bot commented Aug 25, 2022

Release Notes Persisted

Security: backported fix for CVE-2022-2855.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zcbenz zcbenz zcbenz approved these changes

Assignees
No one assigned
Labels
19-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ppontes @zcbenz