packages/webkitgtk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
webkitgtk/backport-CVE-2023-32409.patch

33 lines
1.2 KiB
Diff
Raw Permalink Blame History

From 54408f5746f2401721bd56d71de132a22b6f9856 Mon Sep 17 00:00:00 2001
From: Mike Wyrzykowski <mwyrzykowski@apple.com>
Date: Wed, 12 Apr 2023 17:30:56 -0700
Subject: [PATCH] [WebGPU] RemoteBuffer unmap should check the input vector
https://bugs.webkit.org/show_bug.cgi?id=255350 <rdar://107947502>
Reviewed by Myles C. Maxfield.
Ensure data vector passed to unmap is valid for the currently
mapped buffer.
* Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp:
(WebKit::RemoteBuffer::unmap):
Canonical link: https://commits.webkit.org/262895@main
---
Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp b/Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp
index f533f5c30c32b..ec12ea2ac171b 100644
--- a/Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp
+++ b/Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp
@@ -79,7 +79,7 @@ void RemoteBuffer::getMappedRange(PAL::WebGPU::Size64 offset, std::optional<PAL:
void RemoteBuffer::unmap(Vector<uint8_t>&& data)
{
- if (!m_mappedRange)
+ if (!m_mappedRange || m_mappedRange->byteLength < data.size())
return;
ASSERT(m_isMapped);
Reference in New Issue View Git Blame Copy Permalink