chore: cherry-pick 668cf831e912 from chromium by ppontes · Pull Request #28931 · electron/electron · GitHub

chore: cherry-pick 668cf831e912 from chromium #28931

Merged
merged 2 commits into from
Apr 29, 2021
1 change: 1 addition & 0 deletions patches/chromium/.patches
Expand Up @@ -175,3 +175,4 @@ cherry-pick-6b84dc72351b.patch
cherry-pick-7dd3b1c86795.patch
cherry-pick-1028ffc9bd83.patch
cherry-pick-5745eaf16077.patch
cherry-pick-668cf831e912.patch
57 changes: 57 additions & 0 deletions patches/chromium/cherry-pick-668cf831e912.patch
@@ -0,0 +1,57 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ken Rockot <rockot@google.com>
Date: Tue, 23 Mar 2021 21:13:00 +0000
Subject: Never fail in ReceiverSet::Add

Because of how UniqueReceiverSet is implemented and used, it is
dangerous to allow Add() to fail: callers reasonably assume that added
objects are still alive immediately after the Add() call.

This changes ReceiverId to a uint64 and simply CHECK-fails on
insert collision.

This fundamentally increases binary size of 32-bit builds, because
a widely used 32-bit data type is expanding to 64 bits for the sake
of security and stability. It is effectively unavoidable for now, and
also just barely above the tolerable threshold.

A follow-up (but less backwards-mergeable) change should be able to
reduce binary size beyond this increase by consolidating shared
code among ReceiverSet template instantiations.

Fixed: 1185732
Change-Id: I9acf6aaaa36e10fdce5aa49a890173caddc13c52
Binary-Size: Unavoidable (see above)
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2778871
Commit-Queue: Ken Rockot <rockot@google.com>
Auto-Submit: Ken Rockot <rockot@google.com>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#865815}

diff --git a/mojo/public/cpp/bindings/receiver_set.h b/mojo/public/cpp/bindings/receiver_set.h
index 8d7d73231543c70b67913fdf735c1a16cc6170b1..56027d1f3e6393f739c3b51330137d54ae3fc0d2 100644
--- a/mojo/public/cpp/bindings/receiver_set.h
+++ b/mojo/public/cpp/bindings/receiver_set.h
@@ -24,7 +24,7 @@

namespace mojo {

-using ReceiverId = size_t;
+using ReceiverId = uint64_t;

template <typename ReceiverType>
struct ReceiverSetTraits;
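Review bot: the `using ReceiverId = uint64_t;` alias carries no comment saying the 64-bit width is deliberate, so a later cleanup could switch it back to `size_t` without noticing the consequence. Suggest a one-line comment on the alias stating that the width is fixed so the id counter cannot wrap onto a live id on 32-bit builds. Two things to confirm outside this hunk: that callers holding ids in `size_t` or narrower variables are updated (on 32-bit targets those would now truncate), and that the header includes `<stdint.h>` directly rather than relying on a transitive include.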
@@ -359,11 +359,11 @@ class ReceiverSetBase {
Context context,
scoped_refptr<base::SequencedTaskRunner> task_runner) {
ReceiverId id = next_receiver_id_++;
- DCHECK_GE(next_receiver_id_, 0u);
auto entry =
std::make_unique<Entry>(std::move(impl), std::move(receiver), this, id,
std::move(context), std::move(task_runner));
- receivers_.insert(std::make_pair(id, std::move(entry)));
+ auto result = receivers_.insert(std::make_pair(id, std::move(entry)));
+ CHECK(result.second) << "ReceiverId overflow with collision";
return id;
}
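Review bot: at `ReceiverId id = next_receiver_id_++;` the widening only helps if `next_receiver_id_` is itself declared as `ReceiverId`; its declaration is not in this hunk, so please confirm it is not still a `size_t` member, otherwise the counter keeps wrapping at 32 bits on 32-bit builds and the new `CHECK` becomes reachable in practice. Removing `DCHECK_GE(next_receiver_id_, 0u)` is fine, since that comparison is always true for an unsigned value. A short comment above `CHECK(result.second)` would also help: a failed `insert` destroys the just-moved `entry` while the function still returns `id`, which is why the failure has to be fatal rather than handled.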
