Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 1 changes from 0-M124 #41985

Draft
wants to merge 1 commit into
base: 28-x-y
Choose a base branch
from
Draft

chore: cherry-pick 1 changes from 0-M124 #41985

wants to merge 1 commit into from
+216 −0

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Apr 28, 2024

electron/security#500 - 0d9350b71fd0 from chromium Merge "Fix DOMArrayBuffer::IsDetached()" and "Comment out a CHECK that a DOMAB has maximally one non-detached JSAB"

A DOMArrayBuffer was maintaining its own "is_detached_" state, and
would consider itself non-detached even if the corresponding
JSArrayBuffer (or, all of them, in case there are several) was
detached.

Piping in the v8::Isolate would be a too big change for this fix, so this is using v8::Isolate::GetCurrent() for now.

Comment out a CHECK that a DOMAB has maximally one non-detached JSAB

Based on crash reports, this assumption is not true and has to be
investigated.

Removing this newly introduced CHECK to be able to merge fixes in this
area - we still violate this invariant but the fixes are a step into
the right direction.

Fix in question:
https://chromium-review.googlesource.com/5387887
which also introduced this CHECK.

(cherry picked from commit 04e7550d7aa3bf4ac4e49d7074972d357de139e6)

Change-Id: I6a46721e24c6f04fe8252bc4a5e94caeec3a8b51
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5435035
Commit-Queue: Marja Hölttä marja@chromium.org
Reviewed-by: Michael Lippautz mlippautz@chromium.org
Cr-Commit-Position: refs/branch-heads/6367@{#667}
Cr-Branched-From: d158c6dc6e3604e6f899041972edf26087a49740-refs/heads/main@{#1274542}

Notes:

@ppontes ppontes requested a review from a team as a code owner April 28, 2024 00:24
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 28-x-y labels Apr 28, 2024
@ppontes ppontes marked this pull request as draft April 28, 2024 00:25
@ppontes ppontes force-pushed the cherry-pick/security/28-x-y/0-m124 branch from de617ff to 7b9a997 Compare April 28, 2024 00:35
@ppontes ppontes marked this pull request as ready for review April 28, 2024 00:36
@ppontes ppontes marked this pull request as draft April 29, 2024 13:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
28-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@ppontes