mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

fix: prevent UAF in NativeImage.getBitmap (#25782)

Browse source
This commit is contained in:
Jeremy Rose 2020-10-06 15:58:40 -07:00 committed by GitHub
parent 0632d59da0
commit f31a1c9e4e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
shell/common/api/electron_api_native_image.cc
View file

@ -103,8 +103,6 @@ base::win::ScopedHICON ReadICOFromPath(int size, const base::FilePath& path) {
} }
#endif #endif
void Noop(char*, void*) {}
} // namespace } // namespace
NativeImage::NativeImage(v8::Isolate* isolate, const gfx::Image& image) NativeImage::NativeImage(v8::Isolate* isolate, const gfx::Image& image)
@ -224,6 +222,10 @@ std::string NativeImage::ToDataURL(gin::Arguments* args) {
image_.AsImageSkia().GetRepresentation(scale_factor).GetBitmap()); image_.AsImageSkia().GetRepresentation(scale_factor).GetBitmap());
} }
void SkUnref(char* data, void* hint) {
reinterpret_cast<SkRefCnt*>(hint)->unref();
}
v8::Local<v8::Value> NativeImage::GetBitmap(gin::Arguments* args) { v8::Local<v8::Value> NativeImage::GetBitmap(gin::Arguments* args) {
float scale_factor = GetScaleFactorFromOptions(args); float scale_factor = GetScaleFactorFromOptions(args);
@ -232,9 +234,10 @@ v8::Local<v8::Value> NativeImage::GetBitmap(gin::Arguments* args) {
SkPixelRef* ref = bitmap.pixelRef(); SkPixelRef* ref = bitmap.pixelRef();
if (!ref) if (!ref)
return node::Buffer::New(args->isolate(), 0).ToLocalChecked(); return node::Buffer::New(args->isolate(), 0).ToLocalChecked();
ref->ref();
return node::Buffer::New(args->isolate(), return node::Buffer::New(args->isolate(),
reinterpret_cast<char*>(ref->pixels()), reinterpret_cast<char*>(ref->pixels()),
bitmap.computeByteSize(), &Noop, nullptr) bitmap.computeByteSize(), &SkUnref, ref)
.ToLocalChecked(); .ToLocalChecked();
} }