From 43082239d440a9a33bb2650ea5487836486983b6 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen
Date: Mon, 2 May 2022 11:21:11 +0200
Subject: Fix read-after-free on EGL extensions
Cache the read extensions as an std::string, since the returned C string may be not be permanent.
Change-Id: I856b2b784ab4027da25996b2bf741b30cda10e05
Reviewed-by: Michal Klocek
(cherry picked from commit fd2fc0d2a86f39d563720563555ca6319f8ab223)
---
 src/core/ozone/gl_surface_egl_qt.cpp | 4 ++--
 src/core/ozone/gl_surface_glx_qt.cpp | 12 ++++++------
 src/core/ozone/gl_surface_qt.cpp | 4 ++--
 src/core/ozone/gl_surface_qt.h | 6 +++---
 4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/core/ozone/gl_surface_egl_qt.cpp b/src/core/ozone/gl_surface_egl_qt.cpp
index 91402abfe..447826baa 100644
--- a/src/core/ozone/gl_surface_egl_qt.cpp
+++ b/src/core/ozone/gl_surface_egl_qt.cpp
@@ -93,7 +93,7 @@ bool GLSurfaceEGLQt::InitializeOneOff()
 }
 g_extensions = eglQueryString(g_display, EGL_EXTENSIONS);
- g_egl_surfaceless_context_supported = ExtensionsContain(g_extensions, "EGL_KHR_surfaceless_context");
+ g_egl_surfaceless_context_supported = ExtensionsContain(g_extensions.c_str(), "EGL_KHR_surfaceless_context");
 if (g_egl_surfaceless_context_supported) {
 scoped_refptr surface = new GLSurfacelessQtEGL(gfx::Size(1, 1));
 gl::GLContextAttribs attribs;
@@ -202,7 +202,7 @@ void GLSurfaceEGL::ShutdownOneOff()
 const char* GLSurfaceEGL::GetEGLExtensions()
 {
- return GLSurfaceQt::g_extensions;
+ return GLSurfaceQt::g_extensions.c_str();
 }
 bool GLSurfaceEGL::HasEGLExtension(const char* name)
diff --git a/src/core/ozone/gl_surface_glx_qt.cpp b/src/core/ozone/gl_surface_glx_qt.cpp
index 188a92729..c796444b1 100644
--- a/src/core/ozone/gl_surface_glx_qt.cpp
+++ b/src/core/ozone/gl_surface_glx_qt.cpp
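Review bot: The unchanged context line `g_extensions = eglQueryString(g_display, EGL_EXTENSIONS);` in the InitializeOneOff hunk of gl_surface_egl_qt.cpp now assigns directly into a `std::string`, and eglQueryString is specified to return NULL on failure. Assigning a null `const char*` to a `std::string` is undefined behaviour, whereas the old `const char*` member simply held the null. Guard the assignment, for example `const char* ext = eglQueryString(g_display, EGL_EXTENSIONS);` followed by `g_extensions = ext ? ext : "";`. The same applies to `GLSurfaceQt::g_extensions = glXQueryExtensionsString(display, 0);` in the InitializeExtensionSettingsOneOff hunk of gl_surface_glx_qt.cpp. Both function bodies start outside their hunks, so an earlier check may already rule out the failure case.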
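Review bot: GetEGLExtensions() in gl_surface_egl_qt.cpp now returns a pointer into the buffer of the mutable static `GLSurfaceQt::g_extensions`, and nothing tells callers how long that pointer stays valid. Any later assignment to the string can reallocate the buffer and leave a retained pointer dangling, which is the class of bug this commit is fixing; both the EGL and the GLX initialization paths write this same static. I would document the contract on the getter, for example `// Points into GLSurfaceQt::g_extensions; valid only until the next (re)initialization. Copy it if it must be kept.`, and put the same comment on GetGLXExtensions() in gl_surface_glx_qt.cpp.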
@@ -62,7 +62,7 @@ void GLSurfaceGLX::ShutdownOneOff()
 bool GLSurfaceGLX::IsCreateContextSupported()
 {
- return ExtensionsContain(GLSurfaceQt::g_extensions, "GLX_ARB_create_context");
+ return HasGLXExtension("GLX_ARB_create_context");
 }
 bool GLSurfaceGLX::IsCreateContextRobustnessSupported()
@@ -87,7 +87,7 @@ bool GLSurfaceGLX::IsCreateContextProfileSupported()
 bool GLSurfaceGLX::IsCreateContextES2ProfileSupported()
 {
- return ExtensionsContain(GLSurfaceQt::g_extensions, "GLX_ARB_create_context_es2_profile");
+ return HasGLXExtension("GLX_ARB_create_context_es2_profile");
 }
 bool GLSurfaceGLX::IsOMLSyncControlSupported()
@@ -97,12 +97,12 @@ bool GLSurfaceGLX::IsOMLSyncControlSupported()
 bool GLSurfaceGLX::HasGLXExtension(const char *name)
 {
- return ExtensionsContain(GLSurfaceQt::g_extensions, name);
+ return ExtensionsContain(GLSurfaceQt::g_extensions.c_str(), name);
 }
 bool GLSurfaceGLX::IsTextureFromPixmapSupported()
 {
- return ExtensionsContain(GLSurfaceQt::g_extensions, "GLX_EXT_texture_from_pixmap");
+ return HasGLXExtension("GLX_EXT_texture_from_pixmap");
 }
 bool GLSurfaceGLX::IsRobustnessVideoMemoryPurgeSupported()
@@ -112,7 +112,7 @@ bool GLSurfaceGLX::IsRobustnessVideoMemoryPurgeSupported()
 const char* GLSurfaceGLX::GetGLXExtensions()
 {
- return GLSurfaceQt::g_extensions;
+ return GLSurfaceQt::g_extensions.c_str();
 }
 bool GLSurfaceGLXQt::InitializeOneOff()
@@ -158,7 +158,7 @@ bool GLSurfaceGLXQt::InitializeExtensionSettingsOneOff()
 Display* display = static_cast(g_display);
 GLSurfaceQt::g_extensions = glXQueryExtensionsString(display, 0);
- g_driver_glx.InitializeExtensionBindings(g_extensions);
+ g_driver_glx.InitializeExtensionBindings(g_extensions.c_str());
 return true;
 }
diff --git a/src/core/ozone/gl_surface_qt.cpp b/src/core/ozone/gl_surface_qt.cpp
index 2c464c11c..990a62f8b 100644
--- a/src/core/ozone/gl_surface_qt.cpp
+++ b/src/core/ozone/gl_surface_qt.cpp
@@ -78,7 +78,7 @@ bool g_initializedEGL = false;
 void* GLSurfaceQt::g_display = nullptr;
 void* GLSurfaceQt::g_config = nullptr;
-const char* GLSurfaceQt::g_extensions = nullptr;
+std::string GLSurfaceQt::g_extensions;
 GLSurfaceQt::~GLSurfaceQt()
 {
@@ -99,7 +99,7 @@ GLSurfaceQt::GLSurfaceQt(const gfx::Size& size)
 bool GLSurfaceQt::HasEGLExtension(const char* name)
 {
- return ExtensionsContain(g_extensions, name);
+ return ExtensionsContain(g_extensions.c_str(), name);
 }
 bool GLSurfaceQt::IsOffscreen()
diff --git a/src/core/ozone/gl_surface_qt.h b/src/core/ozone/gl_surface_qt.h
index cbdc8876a..b3a53d6b3 100644
--- a/src/core/ozone/gl_surface_qt.h
+++ b/src/core/ozone/gl_surface_qt.h
@@ -37,11 +37,11 @@
 **
 ****************************************************************************/
-
-
 #ifndef GL_SURFACE_QT_H_
 #define GL_SURFACE_QT_H_
+#include
+
 #include "ui/gfx/geometry/size.h"
 #include "ui/gl/gl_surface.h"
@@ -71,7 +71,7 @@ protected:
 public:
 static void* g_config;
 static void* g_display;
- static const char* g_extensions;
+ static std::string g_extensions;
 private:
 DISALLOW_COPY_AND_ASSIGN(GLSurfaceQt);
--
cgit v1.2.3
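Review bot: `std::string GLSurfaceQt::g_extensions;` in the first gl_surface_qt.cpp hunk introduces a static-storage object with a non-trivial destructor, where the old `const char*` had none. It is destroyed during process exit, so a thread that still calls HasEGLExtension() or holds a pointer from GetEGLExtensions()/GetGLXExtensions() at that point would read freed memory; whether such callers exist at shutdown is not visible here. Chromium-style code usually avoids this with a leaked function-local static or `base::NoDestructor<std::string>`. At minimum I would put a comment on the declaration in gl_surface_qt.h, such as `// Set during one-off GL initialization; must not be modified while readers may hold c_str() pointers.`, so the assumption that makes the unsynchronized reads safe is written down.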