
Issue 836928


Issue metadata

Status: Fixed
Owner:
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocking:
issue 757607




Prevent other commands between Begin/EndRaster

Project Member Reported by backer@chromium.org, Apr 25 2018

Issue description

From piman@:

Relatedly, a security issue, therefore required before considering turning on to users. If a non-raster command happens between BeginRaster and EndRaster it will both execute with the wrong state (if it was changed by Skia), and possibly mess up Skia's state. This can cause all sorts of bad things including out-of-bounds issues.

We could add checking in all non-Raster commands that we're not within Begin/EndRaster. This could probably go into the generator.


 

Comment 1 by enne@chromium.org, Apr 25 2018

Blocking: 757607
Project Member

Comment 2 by bugdroid1@chromium.org, May 14 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2231a0095dc56a4b870e69468edd80506d71a7bb

commit 2231a0095dc56a4b870e69468edd80506d71a7bb
Author: Jonathan Backer <backer@chromium.org>
Date: Mon May 14 19:55:22 2018

Whitelist commands between {Begin,End}RasterCHROMIUM

Flag an error if not in whitelist. Skip over rejected commands.

I used a fake (InProcCommandBuffer) instead of a mock
because it was too difficult to inject (e.g. if you use a fake
GrContext, you have to use fake GrBackendTexture, etc).

Bug: 836928
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
Change-Id: I7e3a996fb17491b755f0423d205b385c437f7509
Reviewed-on: https://chromium-review.googlesource.com/1057891
Commit-Queue: Jonathan Backer <backer@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#558423}
[modify] https://crrev.com/2231a0095dc56a4b870e69468edd80506d71a7bb/gpu/BUILD.gn
[modify] https://crrev.com/2231a0095dc56a4b870e69468edd80506d71a7bb/gpu/command_buffer/service/raster_decoder.cc
[modify] https://crrev.com/2231a0095dc56a4b870e69468edd80506d71a7bb/gpu/ipc/client/DEPS
[modify] https://crrev.com/2231a0095dc56a4b870e69468edd80506d71a7bb/gpu/ipc/client/raster_in_process_context_tests.cc

Comment 3 by backer@chromium.org, May 14 2018

Status: Fixed (was: Assigned)
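
An added sketch, not Chromium's raster_decoder.cc, of the check the commit in Comment 2 describes: inside the Begin/EndRaster window only allowlisted commands run, and anything else is flagged as an error and skipped in full. The command ids, the header layout and the names `Decode`, `AllowedInRaster` and `SampleStream` are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical command ids and header layout (low 16 bits: id, high 16 bits:
// size in 32-bit words, header included). Not Chromium's real encoding.
enum Cmd : uint32_t { kBeginRaster = 1, kRasterOp, kEndRaster, kBindTexture };
constexpr uint32_t Header(uint32_t id, uint32_t words) { return (words << 16) | id; }

struct DecodeResult {
  std::vector<uint32_t> executed;  // ids that reached a handler, in order
  int errors = 0;                  // rejected commands and malformed headers
};

// The allowlist for the raster window; everything else is rejected there.
bool AllowedInRaster(uint32_t id) { return id == kRasterOp || id == kEndRaster; }

DecodeResult Decode(const std::vector<uint32_t>& buf) {
  DecodeResult r;
  bool in_raster = false;
  for (size_t pos = 0; pos < buf.size();) {
    const uint32_t id = buf[pos] & 0xFFFF, words = buf[pos] >> 16;
    // A zero or overlong size would stall the loop or run past the buffer.
    if (words == 0 || words > buf.size() - pos) { ++r.errors; break; }
    pos += words;  // always step over the whole command, arguments included
    if (in_raster && !AllowedInRaster(id)) { ++r.errors; continue; }
    if (id == kBeginRaster) in_raster = true;
    if (id == kEndRaster) in_raster = false;
    r.executed.push_back(id);  // stand-in for dispatching to the handler
  }
  return r;
}

// Constructed stream: a BindTexture is placed inside the raster window.
std::vector<uint32_t> SampleStream() {
  return {Header(kBindTexture, 2), 7, Header(kBeginRaster, 1),
          Header(kRasterOp, 2), 42,  Header(kBindTexture, 2), 9,
          Header(kRasterOp, 1),      Header(kEndRaster, 1),
          Header(kBindTexture, 2), 7};
}

int main() {
  const DecodeResult r = Decode(SampleStream());
  return (r.errors == 1 && r.executed.size() == 6) ? 0 : 1;
}
```

Skipping by the full encoded size matters: if a rejected command's arguments were left in the stream, the decoder would parse them as the next command header.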
