From 473a55544aa0b21a04195c0b34fc7c08b57bdd6b Mon Sep 17 00:00:00 2001
From: xurui <xurui115@h-partners.com>
Date: Wed, 17 Apr 2024 18:17:54 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DCVE-2024-3157?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: xurui <xurui115@h-partners.com>
---
 .../cpp/compositing/bitmap_in_shared_memory_mojom_traits.cc   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/viz/public/cpp/compositing/bitmap_in_shared_memory_mojom_traits.cc b/services/viz/public/cpp/compositing/bitmap_in_shared_memory_mojom_traits.cc
index aac9ee18fb..9ff3e3120f 100644
--- a/services/viz/public/cpp/compositing/bitmap_in_shared_memory_mojom_traits.cc
+++ b/services/viz/public/cpp/compositing/bitmap_in_shared_memory_mojom_traits.cc
@@ -76,6 +76,10 @@ bool StructTraits<viz::mojom::BitmapInSharedMemoryDataView, SkBitmap>::Read(
   if (!mapping_ptr->IsValid())
     return false;
 
+  if (mapping_ptr->size() < image_info.computeByteSize(data.row_bytes())) {
+    return false;
+  }
+
   if (!sk_bitmap->installPixels(image_info, mapping_ptr->memory(),
                                 data.row_bytes(), &DeleteSharedMemoryMapping,
                                 mapping_ptr.get())) {
-- 
Gitee