diff options
author | Geoff Lang <geofflang@chromium.org> | 2022-02-01 17:36:03 -0500 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2023-05-02 08:58:50 +0000 |
commit | fc2d84dc7a8642f3ce5d0fda565ee3b6f7debbcb (patch) | |
tree | 4682fd39663b8451ffef3641a5b4ba543ffe0f55 | |
parent | 4c73b43a3c83c120d6ac4279c06e7f013fafc42d (diff) | |
download | qtwebengine-chromium-fc2d84dc7a8642f3ce5d0fda565ee3b6f7debbcb.tar.gz |
[Backport] CVE-2023-1818: Use after free in Vulkan. (1/2)
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/3430243:
Vulkan: Wait forever when waiting on fences
If a timeout occurs while waiting for the VK queue to be idle during
context destruction, there is no way to safely delete the resources
without potentially crashing as the driver is still reading them.
Instead, wait forever and let Chrome's watchdog tear the process down.
Bug: chromium:1223346
Change-Id: Ifa91465270f54b62a5ead88e8f26b3315072c380
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/3430243
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Reviewed-by: Shahbaz Youssefi <syoussefi@chromium.org>
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/474368
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp index ac39eb26deb..07adecc5851 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp @@ -4602,7 +4602,7 @@ std::string RendererVk::getAndClearLastValidationMessage(uint32_t *countSinceLas uint64_t RendererVk::getMaxFenceWaitTimeNs() const { - constexpr uint64_t kMaxFenceWaitTimeNs = 120'000'000'000llu; + constexpr uint64_t kMaxFenceWaitTimeNs = std::numeric_limits<uint64_t>::max(); return kMaxFenceWaitTimeNs; } |