diff options
| author | Geoff Lang <geofflang@chromium.org> | 2023-03-17 09:03:11 +0000 |
|---|---|---|
| committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2023-04-03 15:25:17 +0000 |
| commit | f6a764fd4d5fa4eada45c3dea077af17583f40b4 (patch) | |
| tree | 4624bd03442a84b51eeb969801a7a6154ba65bbe | |
| parent | 8afb54fe3f72fc16c5f3d0092515a81b54ace80a (diff) | |
| download | qtwebengine-chromium-f6a764fd4d5fa4eada45c3dea077af17583f40b4.tar.gz | |
[Backport] CVE-2023-1534: Out of bounds read in ANGLE
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4324998:
Disable glShaderBinary in the passthrough cmd decoder.
This matches the behaviour of the validating command decoder. The client
does not use this function and it's not exposed to WebGL.
Bug: 1422594
Change-Id: I87c670e4e80b0078fddb9f089b7ac7777a6debfa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4324998
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1115379}
(cherry picked from commit 4a81311a62d853a43e002f45c6867f73c0accdab)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468506
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| -rw-r--r-- | chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc b/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc index 9ee7758298c..85f7d781313 100644 --- a/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc +++ b/chromium/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc @@ -2666,6 +2666,10 @@ error::Error GLES2DecoderPassthroughImpl::DoShaderBinary(GLsizei n, GLenum binaryformat, const void* binary, GLsizei length) { +#if 1 // No binary shader support. + InsertError(GL_INVALID_ENUM, "Invalid enum."); + return error::kNoError; +#else std::vector<GLuint> service_shaders(n, 0); for (GLsizei i = 0; i < n; i++) { service_shaders[i] = GetShaderServiceID(shaders[i], resources_); @@ -2673,6 +2677,7 @@ error::Error GLES2DecoderPassthroughImpl::DoShaderBinary(GLsizei n, api()->glShaderBinaryFn(n, service_shaders.data(), binaryformat, binary, length); return error::kNoError; +#endif } error::Error GLES2DecoderPassthroughImpl::DoShaderSource(GLuint shader, |