author SeongHwan Park <ggabu423@gmail.com> 2022-05-31 02:41:32 +0900
committer Michael Brüning <michael.bruning@qt.io> 2022-08-01 16:02:55 +0000
commit 1a88dca8fec1556326df28c241e4bbf080311194 (patch)
tree f13a8373ba88bf1819d4cf1fb3982abc95f78361
parent 8fe6e98e6047c1e4b6a470067ad7e09ff648c15f (diff)
download qtwebengine-chromium-1a88dca8fec1556326df28c241e4bbf080311194.tar.gz
[Backport] CVE-2022-2011: Use after free in ANGLE.
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/angle/angle/+/3687713:
Fix to invalidate cache when binding Transform Feedback.

Bug: chromium:1330379
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I091116286ac511c50f9abcffa4d3cf350be920b4
Commit-Queue: Jamie Madill <jmadill@chromium.org>
(cherry picked from commit d96cee6685099f6bcc392a4d20d28c8ec484673a)
(cherry picked from commit 9768648fffc94a434a7d400a2542ce3706224417)
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Auto-Submit: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- chromium/third_party/angle/src/libANGLE/Context.cpp 1
1 files changed, 1 insertions, 0 deletions
diff --git a/chromium/third_party/angle/src/libANGLE/Context.cpp b/chromium/third_party/angle/src/libANGLE/Context.cpp
index 547b896885e..9e63bb9fa09 100644
--- a/chromium/third_party/angle/src/libANGLE/Context.cpp
+++ b/chromium/third_party/angle/src/libANGLE/Context.cpp
@@ -1286,6 +1286,7 @@ void Context::bindTransformFeedback(GLenum target, TransformFeedbackID transform
TransformFeedback *transformFeedback =
checkTransformFeedbackAllocation(transformFeedbackHandle);
mState.setTransformFeedbackBinding(this, transformFeedback);
+ mStateCache.onActiveTransformFeedbackChange(this);
}
void Context::bindProgramPipeline(ProgramPipelineID pipelineHandle)
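Review bot: The pairing of mState.setTransformFeedbackBinding(this, transformFeedback) with mStateCache.onActiveTransformFeedbackChange(this) in Context::bindTransformFeedback is enforced only by convention at this one call site, and the added line has no comment saying why the cache must be refreshed here. A one-line comment tying the call to the stale-cache condition named in the commit message ("invalidate cache when binding Transform Feedback") would keep a later refactor from dropping it. Any other caller of setTransformFeedbackBinding, none of which are visible in this hunk, should be checked for the same missing invalidation. The diffstat shows Context.cpp as the only file changed, so this backport carries no regression test. A test that rebinds transform feedback and then issues a draw would guard the fix.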