From 255e4e22e4479f9eb3c45a1fb039c78f22bed200 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Tue, 25 Feb 2025 12:36:46 -0500 Subject: [PATCH] build: re-enable unsafe buffer checks (#45797) Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Charles Kerr --- build/args/all.gn | 8 +-- patches/chromium/.patches | 1 + ..._conflicting_allow_unsafe_libc_calls.patch | 49 +++++++++++++++++++ 3 files changed, 51 insertions(+), 7 deletions(-) create mode 100644 patches/chromium/chore_remove_conflicting_allow_unsafe_libc_calls.patch diff --git a/build/args/all.gn b/build/args/all.gn index 462b9d03d8c6..54ddf6aaf755 100644 --- a/build/args/all.gn +++ b/build/args/all.gn @@ -74,10 +74,4 @@ enterprise_cloud_content_analysis = false # https://issues.chromium.org/issues/40943039 content_enable_legacy_ipc = true -# Electron has its own unsafe-buffers enforcement directories. -# TODO: clang_unsafe_buffers_paths = "//electron/electron_unsafe_buffers_paths.txt" -# -# Disables unsafe-buffers-usage plugin due to incompatibilities with our reclient implementation -# Ref: https://chromium-review.googlesource.com/c/chromium/src/+/5426599 -# Ref: https://github.com/electron/electron/commit/8e20f16ea35eeaeb149ae63bad3703d782665f6a -clang_unsafe_buffers_paths = "" +clang_unsafe_buffers_paths = "//electron/electron_unsafe_buffers_paths.txt" diff --git a/patches/chromium/.patches b/patches/chromium/.patches index f3e48ab15b84..e93ffbc97e79 100644 --- a/patches/chromium/.patches +++ b/patches/chromium/.patches @@ -144,3 +144,4 @@ fix_osr_stutter_in_both_cpu_and_gpu_capture_when_page_has_animation.patch ignore_parse_errors_for_pkey_appusermodel_toastactivatorclsid.patch fix_win32_synchronous_spellcheck.patch fix_drag_and_drop_icons_on_windows.patch +chore_remove_conflicting_allow_unsafe_libc_calls.patch diff --git a/patches/chromium/chore_remove_conflicting_allow_unsafe_libc_calls.patch b/patches/chromium/chore_remove_conflicting_allow_unsafe_libc_calls.patch new file mode 100644 index 000000000000..a10e4e2a2f97 --- /dev/null +++ b/patches/chromium/chore_remove_conflicting_allow_unsafe_libc_calls.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Charles Kerr +Date: Sat, 22 Feb 2025 13:15:39 -0600 +Subject: chore: remove conflicting allow_unsafe_libc_calls + +We want builds to fail if a buffer warning comes from Electron code but +not from code that we don't maintain (e.g. upstream Chromium code), so +//electron/electron_unsafe_buffer_paths.txt turns off Chromium warnings. + +There are some upstream files that generate warnings *and* also have +pragmas that override //electron/electron_unsafe_buffer_paths.txt, +forcing them to be tested. This breaks our build. + +Files can be removed from this patch when upstream either removes the +pragma or fixes the other warnings. This patch can be removed when no +files are left. + +diff --git a/net/cookies/parsed_cookie.cc b/net/cookies/parsed_cookie.cc +index 7d5d0106a3675b3fa21b0e00a755f5c0ed11c87b..d26c645d70b54b31815c8140954ee6d0a34fa8af 100644 +--- a/net/cookies/parsed_cookie.cc ++++ b/net/cookies/parsed_cookie.cc +@@ -2,11 +2,6 @@ + // Use of this source code is governed by a BSD-style license that can be + // found in the LICENSE file. + +-#ifdef UNSAFE_BUFFERS_BUILD +-// TODO(crbug.com/390223051): Remove C-library calls to fix the errors. +-#pragma allow_unsafe_libc_calls +-#endif +- + // Portions of this code based on Mozilla: + // (netwerk/cookie/src/nsCookieService.cpp) + /* ***** BEGIN LICENSE BLOCK ***** +diff --git a/net/http/http_response_headers.cc b/net/http/http_response_headers.cc +index 34ef2be4415825254c41d5970be33b1195a9a381..4a3462664c22f6d367e02ac03551c22c0db52a4d 100644 +--- a/net/http/http_response_headers.cc ++++ b/net/http/http_response_headers.cc +@@ -2,11 +2,6 @@ + // Use of this source code is governed by a BSD-style license that can be + // found in the LICENSE file. + +-#ifdef UNSAFE_BUFFERS_BUILD +-// TODO(crbug.com/390223051): Remove C-library calls to fix the errors. +-#pragma allow_unsafe_libc_calls +-#endif +- + // The rules for header parsing were borrowed from Firefox: + // http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpResponseHead.cpp + // The rules for parsing content-types were also borrowed from Firefox: