From 0d09a29f5a01812128f3186734ce8353c27f8a37 Mon Sep 17 00:00:00 2001 From: Will Harris Date: Thu, 2 Mar 2023 17:01:49 +0000 Subject: [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (2/3) Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4279942: Do not register browser_watcher activity report with crashpad BUG=1415328 (cherry picked from commit f93c88303ccbb64014a575b8ae093aa166832922) Change-Id: I109f6dac083a69a26841ee5e975e02093ca4cbf6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4257669 Commit-Queue: Will Harris Cr-Original-Commit-Position: refs/heads/main@{#1106253} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4279942 Reviewed-by: Victor-Gabriel Savu Commit-Queue: Zakhar Voit Owners-Override: Victor-Gabriel Savu Cr-Commit-Position: refs/branch-heads/5359@{#1401} Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468221 Reviewed-by: Michal Klocek --- chromium/components/crash/core/app/BUILD.gn | 1 - chromium/components/crash/core/app/DEPS | 1 - .../components/crash/core/app/run_as_crashpad_handler_win.cc | 10 ---------- 3 files changed, 12 deletions(-) diff --git a/chromium/components/crash/core/app/BUILD.gn b/chromium/components/crash/core/app/BUILD.gn index 7a5e5244cfd..8876246e763 100644 --- a/chromium/components/crash/core/app/BUILD.gn +++ b/chromium/components/crash/core/app/BUILD.gn @@ -151,7 +151,6 @@ if (is_win) { deps = [ "//base", "//build:chromeos_buildflags", - "//components/browser_watcher:activity_report", "//components/gwp_asan/buildflags", "//third_party/crashpad/crashpad/client", "//third_party/crashpad/crashpad/handler", diff --git a/chromium/components/crash/core/app/DEPS b/chromium/components/crash/core/app/DEPS index 2a92793b04c..a68e5f5e0ed 100644 --- a/chromium/components/crash/core/app/DEPS +++ b/chromium/components/crash/core/app/DEPS @@ -3,7 +3,6 @@ include_rules = [ "+third_party/breakpad", "+components/crash/android/jni_headers", - "+components/browser_watcher/activity_report_user_stream_data_source.h", "+components/gwp_asan/buildflags/buildflags.h", "+components/gwp_asan/crash_handler/crash_handler.h", "+content/public/common/content_descriptors.h", diff --git a/chromium/components/crash/core/app/run_as_crashpad_handler_win.cc b/chromium/components/crash/core/app/run_as_crashpad_handler_win.cc index 7091c0df5e1..f6dbbd1072f 100644 --- a/chromium/components/crash/core/app/run_as_crashpad_handler_win.cc +++ b/chromium/components/crash/core/app/run_as_crashpad_handler_win.cc @@ -16,7 +16,6 @@ #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "base/threading/platform_thread.h" -#include "components/browser_watcher/activity_report_user_stream_data_source.h" #include "components/gwp_asan/buildflags/buildflags.h" #include "third_party/crashpad/crashpad/client/crashpad_info.h" #include "third_party/crashpad/crashpad/client/simple_string_dictionary.h" @@ -81,15 +80,6 @@ int RunAsCrashpadHandler(const base::CommandLine& command_line, argv.clear(); crashpad::UserStreamDataSources user_stream_data_sources; - // Interpret an empty user data directory as a missing value. - if (!user_data_dir.empty()) { - // Register an extension to collect stability information. The extension - // will be invoked for any registered process' crashes, but information only - // exists for instrumented browser processes. - user_stream_data_sources.push_back( - std::make_unique( - user_data_dir)); - } #if BUILDFLAG(ENABLE_GWP_ASAN) user_stream_data_sources.push_back( -- cgit v1.2.1