chore: cherry-pick 3 changes from 3-M123 #41854

Merged
merged 2 commits into from Apr 15, 2024

@ppontes ppontes commented Apr 13, 2024

electron/security#491 - a65e511a14b4 from DirectXShaderCompiler Fix ASAN use-after-free on unreferenced self-assignment of struct instance (#6466)

When deleting an unused memcpy, ScalarReplAggregatesHLSL was attempting
to delete both the target and the source of the memcpy without first
checking if they were both the same, resulting in a double-delete.

Bug: chromium:331123811
Change-Id: Idaef95a06b10a7fb6f0ca2e662972a44ec662fbc
Reviewed-on: https://chromium-review.googlesource.com/c/external/github.com/microsoft/DirectXShaderCompiler/+/5419225
Reviewed-by: David Neto dneto@google.com
Reviewed-by: dan sinclair dsinclair@chromium.org
Reviewed-by: Ben Clayton bclayton@chromium.org

electron/security#492 - f6672dbbe223 from angle M123: Translator: Disallow samplers in structs in interface blocks

As disallowed by the spec:

Types and declarators are the same as for other uniform variable
declarations outside blocks, with these exceptions:

  • opaque types are not allowed

Bug: chromium:328859176
Change-Id: Ib94977860102329e520e635c3757827c93ca2163
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/5391986
Auto-Submit: Shahbaz Youssefi syoussefi@chromium.org
Reviewed-by: Geoff Lang geofflang@chromium.org
Commit-Queue: Shahbaz Youssefi syoussefi@chromium.org
(cherry picked from commit a0fa06f6d79ced897c0fe2795551268199d29806)
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/5435737
Reviewed-by: Yuly Novikov ynovikov@chromium.org

electron/security#490 - 1b1f34234346 from chromium [M120-LTS] Validate buffer length

The BitmapInSharedMemory mojo traits were only validating row length and
not total buffer length.

(cherry picked from commit 1a19ff70bd54847d818566bd7a1e7c384c419746)

(cherry picked from commit f15315f1cb7897e208947a40d538aac693283d7f)

Bug: 331237485
Change-Id: Ia2318899c44e9e7ac72fc7183954e6ce2c702179
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5396796
Commit-Queue: Kyle Charbonneau kylechar@chromium.org
Cr-Original-Original-Commit-Position: refs/heads/main@{#1278417}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5420432
Commit-Queue: danakj danakj@chromium.org
Cr-Original-Commit-Position: refs/branch-heads/6312@{#786}
Cr-Original-Branched-From: 6711dcdae48edaf98cbc6964f90fac85b7d9986e-refs/heads/main@{#1262506}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5433678
Reviewed-by: danakj danakj@chromium.org
Reviewed-by: Kyle Charbonneau kylechar@chromium.org
Cr-Commit-Position: refs/branch-heads/6099@{#2003}
Cr-Branched-From: e6ee4500f7d6549a9ac1354f8d056da49ef406be-refs/heads/main@{#1217362}

Notes:

@ppontes ppontes requested a review from a team as a code owner April 13, 2024 22:48
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 29-x-y labels Apr 13, 2024
@ppontes ppontes marked this pull request as draft April 13, 2024 22:49
@ppontes ppontes force-pushed the cherry-pick/security/29-x-y/3-m123 branch from b825e46 to 361f18d Compare April 13, 2024 23:01
* a65e511a14b4 from DirectXShaderCompiler
* f6672dbbe223 from angle
* 1b1f34234346 from chromium
@ppontes ppontes force-pushed the cherry-pick/security/29-x-y/3-m123 branch from 361f18d to c79f577 Compare April 13, 2024 23:04
@ppontes ppontes marked this pull request as ready for review April 13, 2024 23:21
@MarshallOfSound MarshallOfSound merged commit 297be64 into 29-x-y Apr 15, 2024
13 checks passed
@MarshallOfSound MarshallOfSound deleted the cherry-pick/security/29-x-y/3-m123 branch April 15, 2024 00:01

release-clerk bot commented Apr 15, 2024

Release Notes Persisted

  • Security: backported fix for CVE-2024-3515.
  • Security: backported fix for CVE-2024-3516.
  • Security: backported fix for CVE-2024-3157.
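
The third cherry-pick's commit message says the traits validated row length but not total buffer length. The following C++ is an added illustration of that difference, not Chromium's code or the actual patch; `BitmapDesc`, `CheckedMul`, `ValidateRowOnly` and `ValidateRowAndTotal` are hypothetical names, and the three descriptors are constructed sample inputs.

```cpp
// Added illustration: BitmapDesc and both validators are hypothetical names,
// not Chromium's BitmapInSharedMemory traits.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

struct BitmapDesc {
  uint32_t width;            // pixels per row
  uint32_t height;           // number of rows
  uint32_t bytes_per_pixel;
  size_t row_bytes;          // stride claimed by the sender
  size_t buffer_size;        // size of the received shared-memory mapping
};

// Computes a * b into *out; returns false if the product overflows size_t.
static bool CheckedMul(size_t a, size_t b, size_t* out) {
  if (a != 0 && b > std::numeric_limits<size_t>::max() / a) return false;
  *out = a * b;
  return true;
}

// Weak form: only checks that one row of pixels fits in the claimed stride.
bool ValidateRowOnly(const BitmapDesc& d) {
  size_t min_row = 0;
  return CheckedMul(d.width, d.bytes_per_pixel, &min_row) &&
         d.row_bytes >= min_row;
}

// Hardened form: also requires height * row_bytes to fit inside the buffer.
bool ValidateRowAndTotal(const BitmapDesc& d) {
  size_t total = 0;
  return ValidateRowOnly(d) && CheckedMul(d.row_bytes, d.height, &total) &&
         total <= d.buffer_size;
}

// Constructed inputs: consistent, buffer too small, and an overflowing total.
const BitmapDesc kGood = {64, 64, 4, 256, 64 * 256};
const BitmapDesc kShort = {64, 64, 4, 256, 4096};
const BitmapDesc kOverflow = {64, 0xFFFFFFFFu, 4,
                              std::numeric_limits<size_t>::max() / 2, 4096};

int main() {
  const BitmapDesc* cases[] = {&kGood, &kShort, &kOverflow};
  for (const BitmapDesc* d : cases)
    std::printf("row-only=%d row+total=%d\n", ValidateRowOnly(*d),
                ValidateRowAndTotal(*d));
  return 0;
}
```

The row-only check accepts all three descriptors; the combined check accepts only the first, rejecting both the undersized buffer and the stride whose product with the height overflows.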
