fix: prevent UAF in NativeImage.getBitmap (#25782)

Jeremy Rose 2020-10-06 15:58:40 -07:00 committed by GitHub
parent 0632d59da0
commit f31a1c9e4e


@ -103,8 +103,6 @@ base::win::ScopedHICON ReadICOFromPath(int size, const base::FilePath& path) {
}
#endif
void Noop(char*, void*) {}
} // namespace
NativeImage::NativeImage(v8::Isolate* isolate, const gfx::Image& image)
@ -224,6 +222,10 @@ std::string NativeImage::ToDataURL(gin::Arguments* args) {
image_.AsImageSkia().GetRepresentation(scale_factor).GetBitmap());
}
void SkUnref(char* data, void* hint) {
reinterpret_cast<SkRefCnt*>(hint)->unref();
}
v8::Local<v8::Value> NativeImage::GetBitmap(gin::Arguments* args) {
float scale_factor = GetScaleFactorFromOptions(args);
@ -232,9 +234,10 @@ v8::Local<v8::Value> NativeImage::GetBitmap(gin::Arguments* args) {
SkPixelRef* ref = bitmap.pixelRef();
if (!ref)
return node::Buffer::New(args->isolate(), 0).ToLocalChecked();
ref->ref();
return node::Buffer::New(args->isolate(),
reinterpret_cast<char*>(ref->pixels()),
bitmap.computeByteSize(), &Noop, nullptr)
bitmap.computeByteSize(), &SkUnref, ref)
.ToLocalChecked();
}
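Review bot: In `SkUnref` the `void*` hint is converted with `reinterpret_cast<SkRefCnt*>`, but the pointer handed to `node::Buffer::New` is an `SkPixelRef*`, so the release only reaches the right object if the `SkRefCnt` base sits at offset zero of `SkPixelRef`; cast back to the type that went in, `static_cast<SkPixelRef*>(hint)->unref();`. The helper also appears to land after the `} // namespace` close that the removed `Noop` sat inside, which would give it external linkage, so consider moving it into the anonymous namespace. A short comment on `ref->ref();` such as `// Released by SkUnref when the Buffer is finalized.` would make the ownership pairing explicit for the next reader. The declaration of `bitmap` falls between the hunks and is not visible here, so whether the returned Buffer aliases pixels that other holders of the image still read could not be checked.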