diff options
| author | Geoff Lang <geofflang@chromium.org> | 2023-03-17 09:03:11 +0000 |
|---|---|---|
| committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2023-04-04 11:26:16 +0000 |
| commit | bfc3d37f27958e5ce7dbb5b5a95d338cf7334986 (patch) | |
| tree | c3a37780b6ccf6cf61997ebc9feb2a165b133d92 | |
| parent | 6514de996191ccfce0ef2015316df29dbb2599f3 (diff) | |
| download | qtwebengine-chromium-bfc3d37f27958e5ce7dbb5b5a95d338cf7334986.tar.gz | |
[Backport] CVE-2023-1534: Out of bounds read in ANGLE
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4324998:
Disable glShaderBinary in the passthrough cmd decoder.
This matches the behaviour of the validating command decoder. The client
does not use this function and it's not exposed to WebGL.
Bug: 1422594
Change-Id: I87c670e4e80b0078fddb9f089b7ac7777a6debfa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4324998
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1115379}
(cherry picked from commit 4a81311a62d853a43e002f45c6867f73c0accdab)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/469846
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| -rw-r--r-- | chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc b/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc index f6edc0fbce7..8f95009add1 100644 --- a/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc +++ b/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc @@ -2657,6 +2657,10 @@ error::Error GLES2DecoderPassthroughImpl::DoShaderBinary(GLsizei n, GLenum binaryformat, const void* binary, GLsizei length) { +#if 1 // No binary shader support. + InsertError(GL_INVALID_ENUM, "Invalid enum."); + return error::kNoError; +#else std::vector<GLuint> service_shaders(n, 0); for (GLsizei i = 0; i < n; i++) { service_shaders[i] = GetShaderServiceID(shaders[i], resources_); @@ -2664,6 +2668,7 @@ error::Error GLES2DecoderPassthroughImpl::DoShaderBinary(GLsizei n, api()->glShaderBinaryFn(n, service_shaders.data(), binaryformat, binary, length); return error::kNoError; +#endif } error::Error GLES2DecoderPassthroughImpl::DoShaderSource(GLuint shader, |