From 3456970560513228c32684966f311f842cd01dc7 Mon Sep 17 00:00:00 2001 From: Geoff Lang Date: Fri, 17 Mar 2023 09:03:11 +0000 Subject: [Backport] CVE-2023-1534: Out of bounds read in ANGLE Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4324998: Disable glShaderBinary in the passthrough cmd decoder. This matches the behaviour of the validating command decoder. The client does not use this function and it's not exposed to WebGL. Bug: 1422594 Change-Id: I87c670e4e80b0078fddb9f089b7ac7777a6debfa Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4324998 Commit-Queue: Geoff Lang Cr-Commit-Position: refs/heads/main@{#1115379} (cherry picked from commit 4a81311a62d853a43e002f45c6867f73c0accdab) Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468615 Reviewed-by: Michal Klocek --- .../command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc b/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc index 59caeecc40d..69e39408efc 100644 --- a/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc +++ b/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc @@ -2657,6 +2657,10 @@ error::Error GLES2DecoderPassthroughImpl::DoShaderBinary(GLsizei n, GLenum binaryformat, const void* binary, GLsizei length) { +#if 1 // No binary shader support. + InsertError(GL_INVALID_ENUM, "Invalid enum."); + return error::kNoError; +#else std::vector service_shaders(n, 0); for (GLsizei i = 0; i < n; i++) { service_shaders[i] = GetShaderServiceID(shaders[i], resources_); @@ -2664,6 +2668,7 @@ error::Error GLES2DecoderPassthroughImpl::DoShaderBinary(GLsizei n, api()->glShaderBinaryFn(n, service_shaders.data(), binaryformat, binary, length); return error::kNoError; +#endif } error::Error GLES2DecoderPassthroughImpl::DoShaderSource(GLuint shader, -- cgit v1.2.1