
chore: cherry-pick 65ad70274d4b from chromium (#36579)

* chore: [20-x-y] cherry-pick 65ad70274d4b from chromium

* chore: update patches

Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: electron-patch-conflict-fixer[bot] <83340002+electron-patch-conflict-fixer[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Rose <[email protected]>
Pedro Pontes 2 years ago
parent
commit
d1475648cb
2 changed files with 79 additions and 0 deletions
  1. 1 0
      patches/chromium/.patches
  2. 78 0
      patches/chromium/cherry-pick-65ad70274d4b.patch

+ 1 - 0
patches/chromium/.patches

@@ -143,6 +143,7 @@ cherry-pick-ac4785387fff.patch
 cherry-pick-81cb17c24788.patch
 cherry-pick-1894458e04a2.patch
 cherry-pick-6b4af5d82083.patch
+cherry-pick-65ad70274d4b.patch
 cherry-pick-f46db6aac3e9.patch
 cherry-pick-2ef09109c0ec.patch
 cherry-pick-f98adc846aad.patch

+ 78 - 0
patches/chromium/cherry-pick-65ad70274d4b.patch

@@ -0,0 +1,78 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Ilya Nikolaevskiy <[email protected]>
+Date: Mon, 14 Nov 2022 12:33:49 +0000
+Subject: Fix UAF in VideoCaptureDeviceWin::FrameReceived
+
+(cherry picked from commit d08a3822658cb4ca4261659f1487069a14b51bd9)
+
+Bug: 1381401
+Change-Id: Ib742ec7b86d3c419f37f12694bf9cd5f3f03305c
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4013158
+Reviewed-by: Markus Handell <[email protected]>
+Commit-Queue: Ilya Nikolaevskiy <[email protected]>
+Cr-Original-Commit-Position: refs/heads/main@{#1069054}
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4023295
+Cr-Commit-Position: refs/branch-heads/5359@{#809}
+Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
+
+diff --git a/media/capture/video/win/video_capture_device_win.cc b/media/capture/video/win/video_capture_device_win.cc
+index df0aef940a007a594c328f10a2ea26e1d381505f..b220ded61ed5c501426ccc5c128dd4494c448b2f 100644
+--- a/media/capture/video/win/video_capture_device_win.cc
++++ b/media/capture/video/win/video_capture_device_win.cc
+@@ -866,34 +866,35 @@ void VideoCaptureDeviceWin::FrameReceived(const uint8_t* buffer,
+                                           const VideoCaptureFormat& format,
+                                           base::TimeDelta timestamp,
+                                           bool flip_y) {
++  // We always calculate camera rotation for the first frame. We also cache
++  // the latest value to use when AutoRotation is turned off.
++  // To avoid potential deadlock, do this without holding a lock.
++  if (!camera_rotation_.has_value() || IsAutoRotationEnabled())
++    camera_rotation_ = GetCameraRotation(device_descriptor_.facing);
++
+   {
+     base::AutoLock lock(lock_);
+     if (state_ != kCapturing)
+       return;
+-  }
+ 
+-  if (first_ref_time_.is_null())
+-    first_ref_time_ = base::TimeTicks::Now();
++    if (first_ref_time_.is_null())
++      first_ref_time_ = base::TimeTicks::Now();
+ 
+-  // There is a chance that the platform does not provide us with the timestamp,
+-  // in which case, we use reference time to calculate a timestamp.
+-  if (timestamp == kNoTimestamp)
+-    timestamp = base::TimeTicks::Now() - first_ref_time_;
++    // There is a chance that the platform does not provide us with the
++    // timestamp, in which case, we use reference time to calculate a timestamp.
++    if (timestamp == kNoTimestamp)
++      timestamp = base::TimeTicks::Now() - first_ref_time_;
+ 
+-  // We always calculate camera rotation for the first frame. We also cache the
+-  // latest value to use when AutoRotation is turned off.
+-  if (!camera_rotation_.has_value() || IsAutoRotationEnabled())
+-    camera_rotation_ = GetCameraRotation(device_descriptor_.facing);
+-
+-  // TODO(julien.isorce): retrieve the color space information using the
+-  // DirectShow api, AM_MEDIA_TYPE::VIDEOINFOHEADER2::dwControlFlags. If
+-  // AMCONTROL_COLORINFO_PRESENT, then reinterpret dwControlFlags as a
+-  // DXVA_ExtendedFormat. Then use its fields DXVA_VideoPrimaries,
+-  // DXVA_VideoTransferMatrix, DXVA_VideoTransferFunction and
+-  // DXVA_NominalRangeto build a gfx::ColorSpace. See http://crbug.com/959992.
+-  client_->OnIncomingCapturedData(buffer, length, format, gfx::ColorSpace(),
+-                                  camera_rotation_.value(), flip_y,
+-                                  base::TimeTicks::Now(), timestamp);
++    // TODO(julien.isorce): retrieve the color space information using the
++    // DirectShow api, AM_MEDIA_TYPE::VIDEOINFOHEADER2::dwControlFlags. If
++    // AMCONTROL_COLORINFO_PRESENT, then reinterpret dwControlFlags as a
++    // DXVA_ExtendedFormat. Then use its fields DXVA_VideoPrimaries,
++    // DXVA_VideoTransferMatrix, DXVA_VideoTransferFunction and
++    // DXVA_NominalRangeto build a gfx::ColorSpace. See http://crbug.com/959992.
++    client_->OnIncomingCapturedData(buffer, length, format, gfx::ColorSpace(),
++                                    camera_rotation_.value(), flip_y,
++                                    base::TimeTicks::Now(), timestamp);
++  }
+ 
+   while (!take_photo_callbacks_.empty()) {
+     TakePhotoCallback cb = std::move(take_photo_callbacks_.front());
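Review bot: The widened `lock_` block in `FrameReceived` carries no comment saying that holding the lock across `client_->OnIncomingCapturedData(...)` is what keeps `client_` alive, so a later cleanup could narrow the scope again and reintroduce the use-after-free named in the subject line. I would add something like `// Keep lock_ held for the client_ call: client_ may be released once state_ leaves kCapturing.` above the `state_` check, assuming the teardown path (not visible here) takes the same lock. The callback now runs with `lock_` held, so it is worth confirming that nothing reachable from `OnIncomingCapturedData` re-enters this class and takes `lock_`; the new comment on the `camera_rotation_` update only covers `GetCameraRotation`. The `take_photo_callbacks_` loop after the block still runs unlocked and the hunk ends inside it, so whether it touches state that can be torn down concurrently cannot be judged from here.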