| commit | 1c11309703f3130539c0789bd2468254813f278b | |
| author | krasin <krasin@google.com> | |
| Thu, 23 Jul 2015 21:57:01 +0000 (23 14:57 -0700) | ||
| committer | Commit bot <commit-bot@chromium.org> | |
| Thu, 23 Jul 2015 21:57:38 +0000 (23 21:57 +0000) | ||
| tree | c8f0ac1be4be34ccb59a3d614ef161164ada1857 | treesnapshot (tar.gz zip) |
| parent | 85111674b30562ab0ba3a0f7d3b09761fdc09e00 | commitdiff |
CFI: Prevent invalid static cast from NonCancelableEvent.
What happens here is EventHandler::OnEvent checks for the
event type being ET_CANCEL_MODE, and then assumes it's a
CancelModeEvent by making a static_cast to this type:
https://code.google.com/p/chromium/codesearch#chromium/src/ui/events/event_handler.cc&sq=package:chromium&rcl=1437561259&l=36
This bug was found by Control Flow Integrity check, see
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
BUG=chromium:513425,chromium:457523
Review URL: https://codereview.chromium.org/1252193003
Cr-Commit-Position: refs/heads/master@{#340177}
What happens here is EventHandler::OnEvent checks for the
event type being ET_CANCEL_MODE, and then assumes it's a
CancelModeEvent by making a static_cast to this type:
https://code.google.com/p/chromium/codesearch#chromium/src/ui/events/event_handler.cc&sq=package:chromium&rcl=1437561259&l=36
This bug was found by Control Flow Integrity check, see
https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity
BUG=chromium:513425,chromium:457523
Review URL: https://codereview.chromium.org/1252193003
Cr-Commit-Position: refs/heads/master@{#340177}
| ui/events/event_dispatcher_unittest.cc | diffblobblamehistory |