chore: update fix_harden_blink_scriptstate_maybefrom.patch (#48566)

Robo
2025-10-16 10:16:17 +09:00
committed by GitHub
parent 471a14432f
commit 7580e3a5e2


@@ -3,6 +3,9 @@ From: deepak1556 <hop2deep@gmail.com>
Date: Wed, 28 Jun 2023 21:11:40 +0900 Date: Wed, 28 Jun 2023 21:11:40 +0900
Subject: fix: harden blink::ScriptState::MaybeFrom Subject: fix: harden blink::ScriptState::MaybeFrom
NOTE: since https://chromium-review.googlesource.com/c/chromium/src/+/6973697
the patch is only needed for 32-bit builds.
This is needed as side effect of https://chromium-review.googlesource.com/c/chromium/src/+/4609446 This is needed as side effect of https://chromium-review.googlesource.com/c/chromium/src/+/4609446
which now gets blink::ExecutionContext from blink::ScriptState which now gets blink::ExecutionContext from blink::ScriptState
and there are isolate callbacks which get entered from Node.js and there are isolate callbacks which get entered from Node.js
@@ -53,73 +56,84 @@ index cecf528475cb832ed1876381878eade582bc83d6..71308b2d963c2d083328aad6be356dc5
enum EmbedderDataTag : uint16_t { enum EmbedderDataTag : uint16_t {
diff --git a/third_party/blink/renderer/platform/bindings/script_state.cc b/third_party/blink/renderer/platform/bindings/script_state.cc diff --git a/third_party/blink/renderer/platform/bindings/script_state.cc b/third_party/blink/renderer/platform/bindings/script_state.cc
index 7c602990a3f9a3083308d282fe79bf858b642cdf..29222ecc17bf2e621c44f4b0f15a638326f3be38 100644 index 7c602990a3f9a3083308d282fe79bf858b642cdf..f8ee61b8b2a45371d259717215a1fb4511514567 100644
--- a/third_party/blink/renderer/platform/bindings/script_state.cc --- a/third_party/blink/renderer/platform/bindings/script_state.cc
+++ b/third_party/blink/renderer/platform/bindings/script_state.cc +++ b/third_party/blink/renderer/platform/bindings/script_state.cc
@@ -14,6 +14,10 @@ namespace blink { @@ -14,6 +14,12 @@ namespace blink {
ScriptState::CreateCallback ScriptState::s_create_callback_ = nullptr; ScriptState::CreateCallback ScriptState::s_create_callback_ = nullptr;
+#if defined(ARCH_CPU_32_BITS)
+int const ScriptState::kScriptStateTag = 0x6e6f64; +int const ScriptState::kScriptStateTag = 0x6e6f64;
+void* const ScriptState::kScriptStateTagPtr = const_cast<void*>( +void* const ScriptState::kScriptStateTagPtr = const_cast<void*>(
+ static_cast<const void*>(&ScriptState::kScriptStateTag)); + static_cast<const void*>(&ScriptState::kScriptStateTag));
+#endif // defined(ARCH_CPU_32_BITS)
+ +
// static // static
void ScriptState::SetCreateCallback(CreateCallback create_callback) { void ScriptState::SetCreateCallback(CreateCallback create_callback) {
DCHECK(create_callback); DCHECK(create_callback);
@@ -39,6 +43,8 @@ ScriptState::ScriptState(v8::Local<v8::Context> context, @@ -39,6 +45,10 @@ ScriptState::ScriptState(v8::Local<v8::Context> context,
context_.SetWeak(this, &OnV8ContextCollectedCallback); context_.SetWeak(this, &OnV8ContextCollectedCallback);
context->SetAlignedPointerInEmbedderData(kV8ContextPerContextDataIndex, this, context->SetAlignedPointerInEmbedderData(kV8ContextPerContextDataIndex, this,
gin::kBlinkScriptState); gin::kBlinkScriptState);
+#if defined(ARCH_CPU_32_BITS)
+ context->SetAlignedPointerInEmbedderData( + context->SetAlignedPointerInEmbedderData(
+ kV8ContextPerContextDataTagIndex, ScriptState::kScriptStateTagPtr); + kV8ContextPerContextDataTagIndex, ScriptState::kScriptStateTagPtr);
+#endif // defined(ARCH_CPU_32_BITS)
RendererResourceCoordinator::Get()->OnScriptStateCreated(this, RendererResourceCoordinator::Get()->OnScriptStateCreated(this,
execution_context); execution_context);
} }
@@ -82,6 +88,8 @@ void ScriptState::DissociateContext() { @@ -82,6 +92,10 @@ void ScriptState::DissociateContext() {
// Cut the reference from V8 context to ScriptState. // Cut the reference from V8 context to ScriptState.
GetContext()->SetAlignedPointerInEmbedderData( GetContext()->SetAlignedPointerInEmbedderData(
kV8ContextPerContextDataIndex, nullptr, gin::kBlinkScriptState); kV8ContextPerContextDataIndex, nullptr, gin::kBlinkScriptState);
+#if defined(ARCH_CPU_32_BITS)
+ GetContext()->SetAlignedPointerInEmbedderData( + GetContext()->SetAlignedPointerInEmbedderData(
+ kV8ContextPerContextDataTagIndex, nullptr); + kV8ContextPerContextDataTagIndex, nullptr);
+#endif // defined(ARCH_CPU_32_BITS)
reference_from_v8_context_.Clear(); reference_from_v8_context_.Clear();
// Cut the reference from ScriptState to V8 context. // Cut the reference from ScriptState to V8 context.
diff --git a/third_party/blink/renderer/platform/bindings/script_state.h b/third_party/blink/renderer/platform/bindings/script_state.h diff --git a/third_party/blink/renderer/platform/bindings/script_state.h b/third_party/blink/renderer/platform/bindings/script_state.h
index f06885f429a395b5c2eb55c89803837b550d765c..3340e4ec8d1ea20ea8310f288428b5869e85392a 100644 index f06885f429a395b5c2eb55c89803837b550d765c..1d64099b32c2a9a0d68e8b5317d17e13789dc299 100644
--- a/third_party/blink/renderer/platform/bindings/script_state.h --- a/third_party/blink/renderer/platform/bindings/script_state.h
+++ b/third_party/blink/renderer/platform/bindings/script_state.h +++ b/third_party/blink/renderer/platform/bindings/script_state.h
@@ -185,7 +185,12 @@ class PLATFORM_EXPORT ScriptState : public GarbageCollected<ScriptState> { @@ -6,6 +6,7 @@
v8::Local<v8::Context> context) { #define THIRD_PARTY_BLINK_RENDERER_PLATFORM_BINDINGS_SCRIPT_STATE_H_
DCHECK(!context.IsEmpty());
if (context->GetNumberOfEmbedderDataFields() <= #include "base/memory/raw_ptr.h"
- kV8ContextPerContextDataIndex) { +#include "build/build_config.h"
+ kV8ContextPerContextDataTagIndex) { #include "gin/public/context_holder.h"
+ return nullptr; #include "gin/public/gin_embedders.h"
+ } #include "third_party/blink/public/common/tokens/tokens.h"
+ if (context->GetAlignedPointerFromEmbedderData( @@ -188,6 +189,15 @@ class PLATFORM_EXPORT ScriptState : public GarbageCollected<ScriptState> {
+ kV8ContextPerContextDataTagIndex) != kV8ContextPerContextDataIndex) {
+ ScriptState::kScriptStateTagPtr) {
return nullptr; return nullptr;
} }
+#if defined(ARCH_CPU_32_BITS)
+ if (context->GetNumberOfEmbedderDataFields() <=
+ kV8ContextPerContextDataTagIndex ||
+ context->GetAlignedPointerFromEmbedderData(
+ kV8ContextPerContextDataTagIndex) !=
+ ScriptState::kScriptStateTagPtr) {
+ return nullptr;
+ }
+#endif // defined(ARCH_CPU_32_BITS)
ScriptState* script_state = ScriptState* script_state =
@@ -263,6 +268,8 @@ class PLATFORM_EXPORT ScriptState : public GarbageCollected<ScriptState> { static_cast<ScriptState*>(context->GetAlignedPointerFromEmbedderData(
static void SetCreateCallback(CreateCallback); isolate, kV8ContextPerContextDataIndex, gin::kBlinkScriptState));
friend class ScriptStateImpl; @@ -267,6 +277,14 @@ class PLATFORM_EXPORT ScriptState : public GarbageCollected<ScriptState> {
+ static void* const kScriptStateTagPtr;
+ static int const kScriptStateTag;
static constexpr int kV8ContextPerContextDataIndex =
static_cast<int>(gin::kPerContextDataStartIndex) + static_cast<int>(gin::kPerContextDataStartIndex) +
static_cast<int>(gin::kEmbedderBlink); static_cast<int>(gin::kEmbedderBlink);
@@ -271,6 +278,10 @@ class PLATFORM_EXPORT ScriptState : public GarbageCollected<ScriptState> {
// internals.idl. +#if defined(ARCH_CPU_32_BITS)
String last_compiled_script_file_name_; + static void* const kScriptStateTagPtr;
bool last_compiled_script_used_code_cache_ = false; + static int const kScriptStateTag;
+
+ static constexpr int kV8ContextPerContextDataTagIndex = + static constexpr int kV8ContextPerContextDataTagIndex =
+ static_cast<int>(gin::kPerContextDataStartIndex) + + static_cast<int>(gin::kPerContextDataStartIndex) +
+ static_cast<int>(gin::kEmbedderBlinkTag); + static_cast<int>(gin::kEmbedderBlinkTag);
}; +#endif // defined(ARCH_CPU_32_BITS)
+
// ScriptStateProtectingContext keeps the context associated with the // For accessing information about the last script compilation via
// internals.idl.
String last_compiled_script_file_name_;
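Review bot: The rationale for why the secondary tag check in `MaybeFrom` is now wrapped in `#if defined(ARCH_CPU_32_BITS)` exists only in the patch description (the NOTE pointing at the 6973697 review), not in the header, so a reader of script_state.h sees a guard with no explanation of what differs on 32-bit. I would put a short comment directly above the `#if` in `MaybeFrom`, e.g. `// 32-bit only: the tagged embedder-data lookup above is presumably not enforced on these targets, so a second slot holding kScriptStateTagPtr is verified as well (see the CL referenced in the patch header).`, and a one-line pointer to it above the matching guards in the constructor and `DissociateContext` in script_state.cc and the member declarations in the header. The 32-bit path also uses the two-argument `SetAlignedPointerInEmbedderData`/`GetAlignedPointerFromEmbedderData` overloads for the tag slot while the primary slot now uses the isolate-and-tag form; if the untagged overloads are slated for removal after that CL, it is worth confirming they remain available on 32-bit builds so this guarded block keeps compiling. `MaybeFrom` itself begins above the hunk.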