@twilligon
Last active March 18, 2019 16:15
Chromium unstable patch for CVE-2019-5786
From 0b8ac062693ce67019dfef28f76e0c79db8fa0a3 Mon Sep 17 00:00:00 2001
From: Will Harris <[email protected]>
Date: Thu, 28 Feb 2019 19:32:41 +0000
Subject: [PATCH] Merge M73: FileReader: Make a copy of the ArrayBuffer when
returning partial results.
This is to avoid accidentally ending up with multiple references to the
same underlying ArrayBuffer. The extra performance overhead of this is
minimal as usage of partial results is very rare anyway (as can be seen
on https://www.chromestatus.com/metrics/feature/timeline/popularity/2158).
(cherry picked from commit ba9748e78ec7e9c0d594e7edf7b2c07ea2a90449)
Bug: 936448
Change-Id: Icd1081adc1c889829fe7fa4af9cf4440097e8854
Reviewed-on: https://chromium-review.googlesource.com/c/1492873
Commit-Queue: Marijn Kruisselbrink <[email protected]>
Reviewed-by: Adam Klein <[email protected]>
Cr-Original-Commit-Position: refs/heads/master@{#636251}
Reviewed-on: https://chromium-review.googlesource.com/c/1495448
Reviewed-by: Will Harris <[email protected]>
Cr-Commit-Position: refs/branch-heads/3683@{#689}
Cr-Branched-From: e51029943e0a38dd794b73caaf6373d5496ae783-refs/heads/master@{#625896}
---
.../renderer/core/fileapi/file_reader_loader.cc | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/third_party/blink/renderer/core/fileapi/file_reader_loader.cc b/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
index 5a1cc40c23539..36491a4b86f34 100644
--- a/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
+++ b/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
@@ -143,14 +143,16 @@ DOMArrayBuffer* FileReaderLoader::ArrayBufferResult() {
if (!raw_data_ || error_code_ != FileErrorCode::kOK)
return nullptr;
- DOMArrayBuffer* result = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer());
- if (finished_loading_) {
- array_buffer_result_ = result;
- AdjustReportedMemoryUsageToV8(
- -1 * static_cast<int64_t>(raw_data_->ByteLength()));
- raw_data_.reset();
+ if (!finished_loading_) {
+ return DOMArrayBuffer::Create(
+ ArrayBuffer::Create(raw_data_->Data(), raw_data_->ByteLength()));
}
- return result;
+
+ array_buffer_result_ = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer());
+ AdjustReportedMemoryUsageToV8(-1 *
+ static_cast<int64_t>(raw_data_->ByteLength()));
+ raw_data_.reset();
+ return array_buffer_result_;
}
String FileReaderLoader::StringResult() {
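Review bot: the new `if (!finished_loading_)` branch would benefit from a one-line comment explaining why it builds a fresh buffer with `ArrayBuffer::Create(raw_data_->Data(), raw_data_->ByteLength())` instead of reusing `raw_data_->ToArrayBuffer()` as the finished path does: while loading is still in progress the loader keeps `raw_data_`, so a partial result that shared that storage would hold a second reference to a buffer the loader is still working on, which is the aliasing the commit message describes. A second, minor point: the copy made on the partial-result path is never reported through `AdjustReportedMemoryUsageToV8`, unlike the final buffer whose size is subtracted when `raw_data_` is released; given the rarity of partial results noted in the message that is probably acceptable, but it is worth stating so the asymmetry is not mistaken for an oversight later.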

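The commit message above describes the hazard in one sentence: a partial result that shares storage with the buffer the loader is still filling. The following C++ is an added, self-contained toy model of that situation, not Chromium code; `ToyLoader`, `Result`, `AliasingResult` and `CopyingResult` are hypothetical names, and the model uses a reference-counted `std::vector` so that the aliasing shows up as an observable change in the partial result rather than as the memory-safety failure a real shared Blink buffer would cause.

```cpp
// Added example, not Chromium's code. Toy model of FileReaderLoader's partial
// results: the "before" path hands out a result that aliases the loader's
// growing buffer, the "after" path hands out a private copy (names hypothetical).
#include <cstddef>
#include <cstdint>
#include <memory>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Stand-in for the buffer object handed back to script.
struct Result {
    std::shared_ptr<Bytes> storage;  // either shared with the loader or a private copy
    size_t size() const { return storage->size(); }
};

class ToyLoader {
public:
    // Data arrives in chunks while loading is in progress.
    void Append(const uint8_t* data, size_t len) {
        raw_data_->insert(raw_data_->end(), data, data + len);
    }
    void Finish() { finished_loading_ = true; }

    // "Before": the partial result shares the loader's storage (aliasing).
    Result AliasingResult() const { return Result{raw_data_}; }

    // "After": a partial result is a copy; only the final result takes over the
    // loader's storage, and the loader drops its own reference (like raw_data_.reset()).
    Result CopyingResult() {
        if (!finished_loading_)
            return Result{std::make_shared<Bytes>(*raw_data_)};
        Result final{raw_data_};
        raw_data_ = std::make_shared<Bytes>();
        return final;
    }

private:
    std::shared_ptr<Bytes> raw_data_ = std::make_shared<Bytes>();
    bool finished_loading_ = false;
};

// Returns true if a partial result changed after the loader received more data.
bool PartialResultChangedAfterwards(bool aliasing) {
    ToyLoader loader;
    const uint8_t chunk1[] = {1, 2, 3};        // constructed sample data
    const uint8_t chunk2[] = {4, 5, 6, 7};     // constructed sample data
    loader.Append(chunk1, sizeof chunk1);
    Result partial = aliasing ? loader.AliasingResult() : loader.CopyingResult();
    const size_t size_before = partial.size();
    loader.Append(chunk2, sizeof chunk2);      // loader keeps working on its buffer
    return partial.size() != size_before;
}

// Final path: result holds all bytes and is the sole owner of its storage.
size_t FinalResultSize() {
    ToyLoader loader;
    const uint8_t chunk[] = {1, 2, 3, 4, 5, 6, 7};  // constructed sample data
    loader.Append(chunk, sizeof chunk);
    loader.Finish();
    return loader.CopyingResult().size();
}

long FinalResultRefCount() {
    ToyLoader loader;
    const uint8_t chunk[] = {9, 9};  // constructed sample data
    loader.Append(chunk, sizeof chunk);
    loader.Finish();
    return loader.CopyingResult().storage.use_count();
}
```

Run the three functions and the difference is immediate: the aliasing partial result grows from 3 to 7 bytes behind the caller's back, the copying one stays at 3, and the finished result is the only owner of its storage because the loader released its reference at the same moment it handed the buffer out.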
CVE-2019-5786 patch for Chromium on Gentoo

If you're using stable Chromium, don't worry: version 72.0.3626.121 contains this patch, and so should later 72.x releases.

If you're using up-to-date unstable (~arch) Chromium, don't worry: 73.0.3683.75 also fixes the issue.

If you're using Chromium version 73.0.3683.27 or earlier, you need this patch: it fixes a serious 0-day vulnerability allowing remote code execution that has been exploited "in the wild."

Usage

When using Portage, user patches placed under /etc/portage/patches are applied automatically at build time, so drop the patch into Chromium's directory there and rebuild:

sudo mkdir -p /etc/portage/patches/www-client/chromium
# -f makes curl fail on an HTTP error instead of saving an error page as the patch
curl -fsSL https://gist.githubusercontent.com/milkey-mouse/b4aaa9aa8597fa49f439e919453c5f93/raw/0000-fix-CVE-2019-5786.patch | sudo tee /etc/portage/patches/www-client/chromium/0000-fix-CVE-2019-5786.patch
sudo emerge chromium