
chore: cherry-pick d9081493c4b2 from chromium (#37851)

* chore: cherry-pick d9081493c4b2 from chromium

* chore: update patches

---------

Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: electron-patch-conflict-fixer[bot] <83340002+electron-patch-conflict-fixer[bot]@users.noreply.github.com>
Pedro Pontes 2 years ago
parent
commit
ab7e58bee4
2 changed files with 91 additions and 0 deletions
  1. 1 0
      patches/chromium/.patches
  2. 90 0
      patches/chromium/cherry-pick-d9081493c4b2.patch

+ 1 - 0
patches/chromium/.patches

@@ -127,4 +127,5 @@ expose_v8initializer_codegenerationcheckcallbackinmainthread.patch
 chore_patch_out_profile_methods_in_profile_selections_cc.patch
 fix_x11_window_restore_minimized_maximized_window.patch
 chore_defer_usb_service_getdevices_request_until_usb_service_is.patch
+cherry-pick-d9081493c4b2.patch
 cherry-pick-d6946b70b431.patch

+ 90 - 0
patches/chromium/cherry-pick-d9081493c4b2.patch

@@ -0,0 +1,90 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: kylechar <[email protected]>
+Date: Tue, 28 Feb 2023 21:02:51 +0000
+Subject: Add CHECKs in HostFrameSinkManager
+
+It looks like it's possible for a compromised renderer to get multiple
+things to register the same FrameSinkId with HostFrameSinkManager. This
+violates assumptions around ownership so turn DCHECKs here into CHECKs.
+Also convert DCHECKs into CHECKs for registering/unregistering frame
+sink hierarchy just in case.
+
+(cherry picked from commit a707ac2d95e4726f4cf0267c9b0c038926c2a691)
+
+Bug: 1414018
+Change-Id: If948e758a8484024666f4066360620bc3a9cb493
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4283141
+Reviewed-by: Martin Kreichgauer <[email protected]>
+Reviewed-by: Jonathan Ross <[email protected]>
+Commit-Queue: Kyle Charbonneau <[email protected]>
+Cr-Original-Commit-Position: refs/heads/main@{#1109533}
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4298330
+Cr-Commit-Position: refs/branch-heads/5615@{#69}
+Cr-Branched-From: 9c6408ef696e83a9936b82bbead3d41c93c82ee4-refs/heads/main@{#1109224}
+
+diff --git a/components/viz/host/host_frame_sink_manager.cc b/components/viz/host/host_frame_sink_manager.cc
+index 923cd827c31fcaaf41bd0247ec5221704c0bb3ea..65241be62293d64f3b09e2cf2b68bb6d946bcdb2 100644
+--- a/components/viz/host/host_frame_sink_manager.cc
++++ b/components/viz/host/host_frame_sink_manager.cc
+@@ -68,7 +68,7 @@ void HostFrameSinkManager::RegisterFrameSinkId(
+   DCHECK(client);
+ 
+   FrameSinkData& data = frame_sink_data_map_[frame_sink_id];
+-  DCHECK(!data.IsFrameSinkRegistered());
++  CHECK(!data.IsFrameSinkRegistered());
+   DCHECK(!data.has_created_compositor_frame_sink);
+   data.client = client;
+   data.report_activation = report_activation;
+@@ -87,7 +87,7 @@ void HostFrameSinkManager::InvalidateFrameSinkId(
+   DCHECK(frame_sink_id.is_valid());
+ 
+   FrameSinkData& data = frame_sink_data_map_[frame_sink_id];
+-  DCHECK(data.IsFrameSinkRegistered());
++  CHECK(data.IsFrameSinkRegistered());
+ 
+   const bool destroy_synchronously =
+       data.has_created_compositor_frame_sink && data.wait_on_destruction;
+@@ -227,14 +227,14 @@ bool HostFrameSinkManager::RegisterFrameSinkHierarchy(
+     return false;
+   }
+ 
++  FrameSinkData& parent_data = iter->second;
++  CHECK(!base::Contains(parent_data.children, child_frame_sink_id));
++  parent_data.children.push_back(child_frame_sink_id);
++
+   // Register and store the parent.
+   frame_sink_manager_->RegisterFrameSinkHierarchy(parent_frame_sink_id,
+                                                   child_frame_sink_id);
+ 
+-  FrameSinkData& parent_data = iter->second;
+-  DCHECK(!base::Contains(parent_data.children, child_frame_sink_id));
+-  parent_data.children.push_back(child_frame_sink_id);
+-
+   return true;
+ }
+ 
+@@ -243,8 +243,9 @@ void HostFrameSinkManager::UnregisterFrameSinkHierarchy(
+     const FrameSinkId& child_frame_sink_id) {
+   // Unregister and clear the stored parent.
+   FrameSinkData& parent_data = frame_sink_data_map_[parent_frame_sink_id];
+-  DCHECK(base::Contains(parent_data.children, child_frame_sink_id));
+-  base::Erase(parent_data.children, child_frame_sink_id);
++  size_t num_erased = base::Erase(parent_data.children, child_frame_sink_id);
++  CHECK_EQ(num_erased, 1u);
++
+   if (parent_data.IsEmpty())
+     frame_sink_data_map_.erase(parent_frame_sink_id);
+ 
+diff --git a/components/viz/service/frame_sinks/frame_sink_manager_impl.cc b/components/viz/service/frame_sinks/frame_sink_manager_impl.cc
+index b55780a0e0c5c59d97a0123829dac512eca07029..ad2575c1666ea0be7d65774309447c89b199cf7a 100644
+--- a/components/viz/service/frame_sinks/frame_sink_manager_impl.cc
++++ b/components/viz/service/frame_sinks/frame_sink_manager_impl.cc
+@@ -284,7 +284,7 @@ void FrameSinkManagerImpl::UnregisterFrameSinkHierarchy(
+   }
+ 
+   auto iter = frame_sink_source_map_.find(parent_frame_sink_id);
+-  DCHECK(iter != frame_sink_source_map_.end());
++  CHECK(iter != frame_sink_source_map_.end());
+ 
+   // Remove |child_frame_sink_id| from parents list of children.
+   auto& mapping = iter->second;
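Review bot: In the RegisterFrameSinkId hunk only `DCHECK(!data.IsFrameSinkRegistered())` is promoted to a CHECK, while the adjacent `DCHECK(!data.has_created_compositor_frame_sink)` stays a DCHECK, so in release builds that second invariant is still unenforced on the same duplicate-registration path the description says a compromised renderer can reach. Whether a state with the sink unregistered but the compositor frame sink already created is reachable is not visible from the hunk; if it is, `CHECK(!data.has_created_compositor_frame_sink);` would close the gap. Because this file is a verbatim cherry-pick of the upstream commit, any such strengthening should land upstream and be re-picked rather than diverge in this patch. The final FrameSinkManagerImpl::UnregisterFrameSinkHierarchy hunk ends outside the function body.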