fix: prevent UAF in NativeImage.getBitmap (#25782)
This commit is contained in:
parent
0632d59da0
commit
f31a1c9e4e
1 changed files with 6 additions and 3 deletions
|
@ -103,8 +103,6 @@ base::win::ScopedHICON ReadICOFromPath(int size, const base::FilePath& path) {
|
|||
}
|
||||
#endif
|
||||
|
||||
void Noop(char*, void*) {}
|
||||
|
||||
} // namespace
|
||||
|
||||
NativeImage::NativeImage(v8::Isolate* isolate, const gfx::Image& image)
|
||||
|
@ -224,6 +222,10 @@ std::string NativeImage::ToDataURL(gin::Arguments* args) {
|
|||
image_.AsImageSkia().GetRepresentation(scale_factor).GetBitmap());
|
||||
}
|
||||
|
||||
void SkUnref(char* data, void* hint) {
|
||||
reinterpret_cast<SkRefCnt*>(hint)->unref();
|
||||
}
|
||||
|
||||
v8::Local<v8::Value> NativeImage::GetBitmap(gin::Arguments* args) {
|
||||
float scale_factor = GetScaleFactorFromOptions(args);
|
||||
|
||||
|
@ -232,9 +234,10 @@ v8::Local<v8::Value> NativeImage::GetBitmap(gin::Arguments* args) {
|
|||
SkPixelRef* ref = bitmap.pixelRef();
|
||||
if (!ref)
|
||||
return node::Buffer::New(args->isolate(), 0).ToLocalChecked();
|
||||
ref->ref();
|
||||
return node::Buffer::New(args->isolate(),
|
||||
reinterpret_cast<char*>(ref->pixels()),
|
||||
bitmap.computeByteSize(), &Noop, nullptr)
|
||||
bitmap.computeByteSize(), &SkUnref, ref)
|
||||
.ToLocalChecked();
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue