osr: Fix potential shared memory OOB access
This commit is contained in:
parent
033c246f5c
commit
fcbf3c4ec3
|
@ -75,15 +75,24 @@ void CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory(
|
|||
base::UnsafeSharedMemoryRegion region) {
|
||||
// Make sure |pixel_size| is sane.
|
||||
size_t expected_bytes;
|
||||
bool size_result = viz::ResourceSizes::MaybeSizeInBytes(
|
||||
pixel_size, viz::SinglePlaneFormat::kRGBA_8888, &expected_bytes);
|
||||
if (!size_result) {
|
||||
if (!viz::ResourceSizes::MaybeSizeInBytes(
|
||||
pixel_size, viz::SinglePlaneFormat::kRGBA_8888, &expected_bytes)) {
|
||||
DLOG(ERROR) << "OnAllocatedSharedMemory with size that overflows";
|
||||
return;
|
||||
}
|
||||
|
||||
auto mapping = region.Map();
|
||||
if (!mapping.IsValid()) {
|
||||
DLOG(ERROR) << "Shared memory mapping failed.";
|
||||
return;
|
||||
}
|
||||
if (mapping.size() < expected_bytes) {
|
||||
DLOG(ERROR) << "Shared memory size was less than expected.";
|
||||
return;
|
||||
}
|
||||
|
||||
pixel_size_ = pixel_size;
|
||||
shared_memory_ = region.Map();
|
||||
DCHECK(shared_memory_.IsValid());
|
||||
shared_memory_ = std::move(mapping);
|
||||
}
|
||||
|
||||
void CefLayeredWindowUpdaterOSR::Draw(const gfx::Rect& damage_rect,
|
||||
|
|
|
@ -88,6 +88,11 @@ void CefVideoConsumerOSR::OnFrameCaptured(
|
|||
callbacks) {
|
||||
ScopedVideoFrameDone scoped_done(std::move(callbacks));
|
||||
|
||||
if (info->pixel_format != media::PIXEL_FORMAT_ARGB) {
|
||||
DLOG(ERROR) << "Unsupported pixel format " << info->pixel_format;
|
||||
return;
|
||||
}
|
||||
|
||||
CHECK(data->is_read_only_shmem_region());
|
||||
base::ReadOnlySharedMemoryRegion& shmem_region =
|
||||
data->get_read_only_shmem_region();
|
||||
|
|
Loading…
Reference in New Issue