1555838 - (CVE-2019-5849) Skia: OOB Read in ReflexHash::checkTriangle

Status: RESOLVED FIXED

(Core :: Graphics, defect, P2)

Description

[Daniel Veditz [:dveditz]]

A patch in Chrome for Skia went into the upcoming Chrome 76, described as "OOB Read in ReflexHash::checkTriangle" and medium security severity. The patch was elsewhere and I don't have a testcase that points to that location. Fixed in the following patch:

https://skia.googlesource.com/skia/+/a5ef39726a7b8e54d295aa8336e7d874bc33f436

Comment 1

[Lee Salzman [:lsalzman]]

Attachment: Bug 1555838 - More polyutil fixes. r?rhunt

Comment 2

[Lee Salzman [:lsalzman]]

I don't believe we use the shadow code affected by this patch, but just in case there is no harm in cherrypicking this.

Comment 3

[BugBot [:suhaib / :marco/ :calixte]]

There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:lsalzman, could you have a look please?
For more information, please visit auto_nag documentation.

Comment 4

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

https://hg.mozilla.org/integration/autoland/rev/8cdaaacd3b2926bfcc0e2c73bc9c55f8850e9ff8
https://hg.mozilla.org/mozilla-central/rev/8cdaaacd3b29

Comment 5

[Ryan VanderMeulen [:RyanVM]]

Is this something we need to backport to ESR68 for the 68.1esr release? Given the severity and where we are in the life cycle, I'm assuming we can skip ESR60.

Comment 6

[Lee Salzman [:lsalzman]]

(In reply to Ryan VanderMeulen [:RyanVM] from comment #5)

Is this something we need to backport to ESR68 for the 68.1esr release? Given the severity and where we are in the life cycle, I'm assuming we can skip ESR60.

I believe we are safe for now if we don't backport, as we don't seem to be using this code.

Comment 7

[Ryan VanderMeulen [:RyanVM]]

Thanks.

Comment 8

[Daniel Veditz [:dveditz]]

Google assigned CVE-2019-5849 to this Skia flaw.