Skia: OOB Read in ReflexHash::checkTriangle
Categories
(Core :: Graphics, defect, P2)
People
(Reporter: dveditz, Assigned: lsalzman)
Details
(Keywords: csectype-bounds, sec-moderate, Whiteboard: [post-critsmash-triage][adv-main69+])
Attachments
(1 file)
A patch in Chrome for Skia went into the upcoming Chrome 76, described as "OOB Read in ReflexHash::checkTriangle" and medium security severity. The patch was elsewhere and I don't have a testcase that points to that location. Fixed in the following patch:
https://skia.googlesource.com/skia/+/a5ef39726a7b8e54d295aa8336e7d874bc33f436
Comment 2 (Assignee)•5 years ago
I don't believe we use the shadow code affected by this patch, but just in case there is no harm in cherrypicking this.
Comment 3•5 years ago
There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:lsalzman, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 4•5 years ago
https://hg.mozilla.org/integration/autoland/rev/8cdaaacd3b2926bfcc0e2c73bc9c55f8850e9ff8
https://hg.mozilla.org/mozilla-central/rev/8cdaaacd3b29
Comment 5•5 years ago
Is this something we need to backport to ESR68 for the 68.1esr release? Given the severity and where we are in the life cycle, I'm assuming we can skip ESR60.
Comment 6 (Assignee)•5 years ago
(In reply to Ryan VanderMeulen [:RyanVM] from comment #5)
> Is this something we need to backport to ESR68 for the 68.1esr release? Given the severity and where we are in the life cycle, I'm assuming we can skip ESR60.
I believe we are safe for now if we don't backport, as we don't seem to be using this code.
Comment 7•5 years ago
Thanks.
Comment 8 (Reporter)•5 years ago
Google assigned CVE-2019-5849 to this Skia flaw.