diff options
author | Matt Reynolds <mattreynolds@google.com> | 2022-01-19 21:03:08 +0000 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2022-02-28 08:49:07 +0000 |
commit | d1d0e8553c7eb6c5364e3eb80bc5eb935257340a (patch) | |
tree | 04526d8b96e7365166cf5e36b385b0db7c384585 | |
parent | e55302f0a9c6224860358a98a58ffb4dbc67cb82 (diff) | |
download | qtwebengine-chromium-d1d0e8553c7eb6c5364e3eb80bc5eb935257340a.tar.gz |
[Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3373944:
gamepad: Return an invalid handle after ReportBadMessage
Bug: 1285449
Change-Id: I746c539577f7bdf69cbe4212ac380e0c92a5c771
Auto-Submit: Matt Reynolds <mattreynolds@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Reilly Grant <reillyg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#961125}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/device/gamepad/gamepad_monitor.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/chromium/device/gamepad/gamepad_monitor.cc b/chromium/device/gamepad/gamepad_monitor.cc index 4a35a61d8b3..9e1227f43db 100644 --- a/chromium/device/gamepad/gamepad_monitor.cc +++ b/chromium/device/gamepad/gamepad_monitor.cc @@ -54,6 +54,8 @@ void GamepadMonitor::GamepadStartPolling(GamepadStartPollingCallback callback) { GamepadService* service = GamepadService::GetInstance(); if (!service->ConsumerBecameActive(this)) { mojo::ReportBadMessage("GamepadMonitor::GamepadStartPolling failed"); + std::move(callback).Run(base::ReadOnlySharedMemoryRegion()); + return; } std::move(callback).Run(service->DuplicateSharedMemoryRegion()); } |