Fix for CVE-2020-16010 (Heap buffer overflow in UI in Google Chrome o… · kiwibrowser/src@66341b7

Commit

Fix for CVE-2020-16010 (Heap buffer overflow in UI in Google Chrome o…

…n Android)

kiwibrowser authored Nov 5, 2020

1 parent b294441 commit 66341b7

ui/gfx/android/java_bitmap.cc

-Original file line number
+Diff line change
@@ Expand Up / @@ -8,6 +8,7 @@ @@
     #include "base/android/jni_string.h"
     #include "base/logging.h"
+    #include "base/numerics/safe_conversions.h"
     #include "jni/BitmapHelper_jni.h"
     #include "ui/gfx/geometry/size.h"
@@ Expand Down Expand Up @@
       JavaBitmap dst_lock(jbitmap);
       void* src_pixels = skbitmap->getPixels();
       void* dst_pixels = dst_lock.pixels();
+      CHECK_GE(base::checked_cast<size_t>(dst_lock.byte_count()),
+               skbitmap->computeByteSize());
       memcpy(dst_pixels, src_pixels, skbitmap->computeByteSize());
       return jbitmap;
@@ Expand Down @@

Please sign in to comment.