Home Explore 引导页 在线工具 Blog
Register Sign In
Pchen0
/
electron
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

chore: cherry-pick 38de42d2bbc3 from chromium (#37668)

* chore: cherry-pick 38de42d2bbc3 from chromium

* chore: update patches

---------

Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: electron-patch-conflict-fixer[bot] <83340002+electron-patch-conflict-fixer[bot]@users.noreply.github.com>
Pedro Pontes 2 years ago
parent
e0d3da320e
commit
7ce58430e0
2 changed files with 38 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      patches/chromium/.patches
  2. 37 0
      patches/chromium/cherry-pick-38de42d2bbc3.patch

+ 1 - 0
patches/chromium/.patches
View File 

@@ -151,5 +151,6 @@ cherry-pick-06851790480e.patch
 
 cherry-pick-e79b89b47dac.patch
 
 m108-lts_simplify_webmediaplayermscompositor_destruction.patch
 
 m108-lts_further_simplify_webmediaplayermscompositor_lifetime.patch
 
+cherry-pick-38de42d2bbc3.patch
 
 cherry-pick-bfd926be8178.patch
 
 cherry-pick-d202ad3c6aeb.patch

+ 37 - 0
patches/chromium/cherry-pick-38de42d2bbc3.patch
View File 

@@ -0,0 +1,37 @@
 
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 
+From: Will Harris <[email protected]>
 
+Date: Thu, 2 Mar 2023 10:23:28 +0000
 
+Subject: Fix potential out of bounds write in base::SampleVectorBase
 
+
 
+BUG=1417185
 
+
 
+(cherry picked from commit 552939b035e724e022fedb90fd80cd008e441fcf)
 
+
 
+Change-Id: I70719d0f9afb81dda373f88ab3a1c177397659ec
 
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4265437
 
+Commit-Queue: Will Harris <[email protected]>
 
+Cr-Original-Commit-Position: refs/heads/main@{#1106984}
 
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4289351
 
+Commit-Queue: Zakhar Voit <[email protected]>
 
+Reviewed-by: Victor-Gabriel Savu <[email protected]>
 
+Owners-Override: Victor-Gabriel Savu <[email protected]>
 
+Cr-Commit-Position: refs/branch-heads/5359@{#1397}
 
+Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
 
+
 
+diff --git a/base/metrics/sample_vector.cc b/base/metrics/sample_vector.cc
 
+index 18f7f8a4adff18d733c57d497dccdaacb9cc814f..90daf7ce4e0e7567a7c2cafa2a6b5a70bd99417a 100644
 
+--- a/base/metrics/sample_vector.cc
 
++++ b/base/metrics/sample_vector.cc
 
+@@ -274,6 +274,12 @@ void SampleVectorBase::MoveSingleSampleToCounts() {
 
+   if (sample.count == 0)
 
+     return;
 
+ 
++  // Stop here if the sample bucket would be out of range for the AtomicCount
 
++  // array.
 
++  if (sample.bucket >= counts_size()) {
 
++    return;
 
++  }
 
++
 
+   // Move the value into storage. Sum and redundant-count already account
 
+   // for this entry so no need to call IncreaseSumAndCount().
 
+   subtle::NoBarrier_AtomicIncrement(&counts()[sample.bucket], sample.count);