diff options
author | Leonard Grey <lgrey@chromium.org> | 2022-04-12 23:14:06 +0000 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2022-06-16 19:52:55 +0000 |
commit | 60882e1d01a545f2fe9f99b667fd76677d6b88f5 (patch) | |
tree | caea03d4722102b8bedc250d5f67e317741980d5 /chromium | |
parent | 58ec380b8c395255ea27535c63c2853d657b3125 (diff) | |
download | qtwebengine-chromium-60882e1d01a545f2fe9f99b667fd76677d6b88f5.tar.gz |
[Backport] CVE-2022-1876: Heap buffer overflow in DevTools
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3584284:
UIDevTools: fix bounds check for websocket connections
Bug: 1313600
Change-Id: Ic97da6e5cf5595d530a100bc8bbbee12467cef05
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Leonard Grey <lgrey@chromium.org>
Cr-Commit-Position: refs/heads/main@{#991786}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium')
-rw-r--r-- | chromium/components/ui_devtools/devtools_server.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/chromium/components/ui_devtools/devtools_server.cc b/chromium/components/ui_devtools/devtools_server.cc index e4d47751e98..b77494e3d96 100644 --- a/chromium/components/ui_devtools/devtools_server.cc +++ b/chromium/components/ui_devtools/devtools_server.cc @@ -212,8 +212,9 @@ void UiDevToolsServer::OnWebSocketRequest( size_t target_id = 0; if (info.path.empty() || !base::StringToSizeT(info.path.substr(1), &target_id) || - target_id > clients_.size()) + target_id >= clients_.size()) { return; + } UiDevToolsClient* client = clients_[target_id].get(); // Only one user can inspect the client at a time |