From 0049cee96c4b92b8cd7b018919e9067c755c90be Mon Sep 17 00:00:00 2001 From: "trop[bot]" Date: Tue, 4 Jun 2019 10:28:55 -0400 Subject: [PATCH 1/4] build: move Windows release builds to AppVeyor cloud (#18605) * build: move Windows release builds to AppVeyor cloud * Use new env variable for AppVeyor cloud server --- .env.example | 2 +- script/ci-release-build.js | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.env.example b/.env.example index cd15610276869..eb3df4b6bdf9c 100644 --- a/.env.example +++ b/.env.example @@ -1,7 +1,7 @@ # These env vars are only necessary for creating Electron releases. # See docs/development/releasing.md -APPVEYOR_TOKEN= +APPVEYOR_CLOUD_TOKEN= CIRCLE_TOKEN= ELECTRON_GITHUB_TOKEN= VSTS_TOKEN= \ No newline at end of file diff --git a/script/ci-release-build.js b/script/ci-release-build.js index eae38308a3185..c156358c09779 100644 --- a/script/ci-release-build.js +++ b/script/ci-release-build.js @@ -2,12 +2,12 @@ if (!process.env.CI) require('dotenv-safe').load() const assert = require('assert') const request = require('request') -const buildAppVeyorURL = 'https://windows-ci.electronjs.org/api/builds' +const buildAppVeyorURL = 'https://ci.appveyor.com/api/builds' const vstsURL = 'https://github.visualstudio.com/electron/_apis/build' const appVeyorJobs = { - 'electron-x64': 'electron', - 'electron-ia32': 'electron-39ng6' + 'electron-x64': 'electron-x64-release', + 'electron-ia32': 'electron-ia32-release' } const circleCIJobs = [ @@ -100,13 +100,13 @@ async function callAppVeyor (targetBranch, job, options) { const requestOpts = { url: buildAppVeyorURL, auth: { - bearer: process.env.APPVEYOR_TOKEN + bearer: process.env.APPVEYOR_CLOUD_TOKEN }, headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ - accountName: 'AppVeyor', + accountName: 'electron-bot', projectSlug: appVeyorJobs[job], branch: targetBranch, environmentVariables 
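Review bot: The AppVeyor account that the new `buildAppVeyorURL` and `appVeyorJobs` values belong to is hard-coded separately further down, as `accountName: 'electron-bot'` in the @@ -100 hunk and again inside the status URL in the @@ -116 hunk, so a future account move has to be made in two places. Declaring it once beside the URL, `const appVeyorAccount = 'electron-bot'`, and using `appVeyorAccount` in both spots keeps the request body and the reported build link in sync. A one-line comment on `appVeyorJobs` saying the values are AppVeyor project slugs under that account would also help, since that is not obvious from the job names.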
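Review bot: `bearer: process.env.APPVEYOR_CLOUD_TOKEN` is used without checking that the variable is set, and `dotenv-safe` only validates the environment when `CI` is unset (file line 2, visible in the first hunk), so on CI a secret that is missing or still stored under the old `APPVEYOR_TOKEN` name goes out as an empty credential and presumably surfaces only as an opaque AppVeyor authentication error. The file already requires `assert`; a guard at the top of callAppVeyor such as `assert(process.env.APPVEYOR_CLOUD_TOKEN, 'APPVEYOR_CLOUD_TOKEN must be set')` turns the rename into a clear local failure. The body of callAppVeyor begins before this hunk.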
@@ -116,7 +116,7 @@ async function callAppVeyor (targetBranch, job, options) { const appVeyorResponse = await makeRequest(requestOpts, true).catch(err => { console.log('Error calling AppVeyor:', err) }) - const buildUrl = `https://windows-ci.electronjs.org/project/AppVeyor/${appVeyorJobs[job]}/build/${appVeyorResponse.version}` + const buildUrl = `https://ci.appveyor.com/project/electron-bot/${appVeyorJobs[job]}/build/${appVeyorResponse.version}` console.log(`AppVeyor release build request for ${job} successful. Check build status at ${buildUrl}`) } From 49dc15469d90d5282f07be8fb7145b069d428b35 Mon Sep 17 00:00:00 2001 From: Milan Burda Date: Tue, 4 Jun 2019 17:09:20 +0200 Subject: [PATCH 2/4] fix: don't export private V8 symbols that can cause native node modules to crash (#18281) (#18621) --- patches/common/v8/.patches | 1 + ...export_private_v8_symbols_on_windows.patch | 52 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 patches/common/v8/do_not_export_private_v8_symbols_on_windows.patch diff --git a/patches/common/v8/.patches b/patches/common/v8/.patches index 7c1edbb4071e4..3ac7b1da11d33 100644 --- a/patches/common/v8/.patches +++ b/patches/common/v8/.patches @@ -19,5 +19,6 @@ disable-warning-win.patch expose_mksnapshot.patch build-torque-with-x64-toolchain-on-arm.patch do_not_run_arm_arm64_mksnapshot_binaries.patch +do_not_export_private_v8_symbols_on_windows.patch turbofan_fix_wrong_typing_of_speculativesafeintegersubtract.patch turbofan_restrict_redundancy_elimination_from_widening_types.patch diff --git a/patches/common/v8/do_not_export_private_v8_symbols_on_windows.patch b/patches/common/v8/do_not_export_private_v8_symbols_on_windows.patch new file mode 100644 index 0000000000000..242e0fb4bcd48 --- /dev/null +++ b/patches/common/v8/do_not_export_private_v8_symbols_on_windows.patch 
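Review bot: The rewritten `buildUrl` line reads `appVeyorResponse.version`, but the `.catch` three lines above only logs and resolves to `undefined`, so a failed request ends in a TypeError on this line rather than with the logged message. Inserting `if (appVeyorResponse == null) return` after the `})` makes the failure path explicit; alternatively rethrow from the handler so the caller sees the original error. callAppVeyor starts outside this hunk.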
@@ -0,0 +1,52 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Tomas Rycl +Date: Mon, 13 May 2019 15:48:48 +0200 +Subject: Do not export private V8 symbols on Windows + +This change stops private V8 symbols and internal crt methods being exported. +It fixes an issue where native node modules can import +incorrect CRT methods and crash on Windows. +It also reduces size of node.lib by 75%. + +This patch can be safely removed if, when it is removed, `node.lib` does not +contain any standard C++ library exports (e.g. `std::ostringstream`). + +diff --git a/BUILD.gn b/BUILD.gn +index f43c42a62e1a2d273ece56377c328addb8b99d66..fcf110e673b92070cc1931b376f8a26d38b188e4 100644 +--- a/BUILD.gn ++++ b/BUILD.gn +@@ -212,6 +212,10 @@ config("internal_config") { + + defines = [] + ++ if (!is_component_build && is_electron_build) { ++ defines += [ "HIDE_PRIVATE_SYMBOLS" ] ++ } ++ + if (is_component_build || is_electron_build) { + defines += [ "BUILDING_V8_SHARED" ] + } +diff --git a/src/globals.h b/src/globals.h +index 6edc5d01b4ff503d05d70a7e40959fbc7f972628..d442f691729bd661488018c55e621169cc52ee5e 100644 +--- a/src/globals.h ++++ b/src/globals.h +@@ -20,13 +20,17 @@ + #ifdef V8_OS_WIN + + // Setup for Windows shared library export. ++#if defined(HIDE_PRIVATE_SYMBOLS) ++#define V8_EXPORT_PRIVATE ++#else //if !defined(HIDE_PRIVATE_SYMBOLS) + #ifdef BUILDING_V8_SHARED + #define V8_EXPORT_PRIVATE __declspec(dllexport) + #elif USING_V8_SHARED + #define V8_EXPORT_PRIVATE __declspec(dllimport) +-#else ++#else //!(BUILDING_V8_SHARED || USING_V8_SHARED) + #define V8_EXPORT_PRIVATE +-#endif // BUILDING_V8_SHARED ++#endif ++#endif + + #else // V8_OS_WIN + From df60a800b9c4b157b906a0ee029ef078fb2b9f72 Mon Sep 17 00:00:00 2001 
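Review bot: The two `#endif` lines added to src/globals.h in the nested patch carry no trailing comment, while the line they replace was `#endif // BUILDING_V8_SHARED` and the file otherwise labels its closes (`#else // V8_OS_WIN`); with three nested conditionals, `#endif  // BUILDING_V8_SHARED` and `#endif  // HIDE_PRIVATE_SYMBOLS` keep the structure readable. The comment on the new `#else` would read better as `#else  // !defined(HIDE_PRIVATE_SYMBOLS)` in that same form. The patch header's removal criterion (no standard C++ library exports left in node.lib) is a good example of what the other patch files in this series lack.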
From: Milan Burda Date: Tue, 4 Jun 2019 18:09:42 +0200 Subject: [PATCH 3/4] fix: [parser] LiteralBuffer::ExpandBuffer always grows (#18568) --- patches/common/v8/.patches | 1 + ...eralbuffer_expandbuffer_always_grows.patch | 49 +++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 patches/common/v8/parser_literalbuffer_expandbuffer_always_grows.patch diff --git a/patches/common/v8/.patches b/patches/common/v8/.patches index 3ac7b1da11d33..fbbbb0f44902a 100644 --- a/patches/common/v8/.patches +++ b/patches/common/v8/.patches @@ -22,3 +22,4 @@ do_not_run_arm_arm64_mksnapshot_binaries.patch do_not_export_private_v8_symbols_on_windows.patch turbofan_fix_wrong_typing_of_speculativesafeintegersubtract.patch turbofan_restrict_redundancy_elimination_from_widening_types.patch +parser_literalbuffer_expandbuffer_always_grows.patch diff --git a/patches/common/v8/parser_literalbuffer_expandbuffer_always_grows.patch b/patches/common/v8/parser_literalbuffer_expandbuffer_always_grows.patch new file mode 100644 index 0000000000000..9fd0b7123321a --- /dev/null +++ b/patches/common/v8/parser_literalbuffer_expandbuffer_always_grows.patch 
@@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Toon Verwaest +Date: Fri, 11 Jan 2019 11:27:18 +0100 +Subject: [parser] LiteralBuffer::ExpandBuffer always grows + +Bug: chromium:914736 +Change-Id: Id02715b69361d15df23c70f85f3250526369547f +Reviewed-on: https://chromium-review.googlesource.com/c/1405859 +Reviewed-by: Leszek Swirski +Commit-Queue: Toon Verwaest +Cr-Commit-Position: refs/heads/master@{#58734} + +diff --git a/src/parsing/scanner.cc b/src/parsing/scanner.cc +index 852b5e400b3ffe84e464a2d63c943a30b497ac69..267b38fd7fed38421b9b6e315b02771dbab9381f 100644 +--- a/src/parsing/scanner.cc ++++ b/src/parsing/scanner.cc +@@ -67,13 +67,14 @@ Handle Scanner::LiteralBuffer::Internalize(Isolate* isolate) const { + } + + int Scanner::LiteralBuffer::NewCapacity(int min_capacity) { +- int capacity = Max(min_capacity, backing_store_.length()); +- int new_capacity = Min(capacity * kGrowthFactory, capacity + kMaxGrowth); +- return new_capacity; ++ return min_capacity < (kMaxGrowth / (kGrowthFactor - 1)) ++ ? 
min_capacity * kGrowthFactor ++ : min_capacity + kMaxGrowth; + } + + void Scanner::LiteralBuffer::ExpandBuffer() { +- Vector new_store = Vector::New(NewCapacity(kInitialCapacity)); ++ int min_capacity = Max(kInitialCapacity, backing_store_.length()); ++ Vector new_store = Vector::New(NewCapacity(min_capacity)); + MemCopy(new_store.start(), backing_store_.start(), position_); + backing_store_.Dispose(); + backing_store_ = new_store; +diff --git a/src/parsing/scanner.h b/src/parsing/scanner.h +index 34da5fafbf733fd326e91baeeac26bf4517c9fcf..d779317c55567311dc266af101815d2740d28e0b 100644 +--- a/src/parsing/scanner.h ++++ b/src/parsing/scanner.h +@@ -453,8 +453,7 @@ class Scanner { + + private: + static const int kInitialCapacity = 16; +- static const int kGrowthFactory = 4; +- static const int kMinConversionSlack = 256; ++ static const int kGrowthFactor = 4; + static const int kMaxGrowth = 1 * MB; + + inline bool IsValidAscii(char code_unit) { From a6f9b6f72b0135ffe98bc29d63117f48b1603e0b Mon Sep 17 00:00:00 2001 From: Milan Burda Date: Tue, 4 Jun 2019 18:23:30 +0200 Subject: [PATCH 4/4] fix: [FileSystem] Harden against overflows of OperationID a bit better (#18572) --- patches/common/chromium/.patches | 1 + ...verflows_of_operationid_a_bit_better.patch | 43 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 patches/common/chromium/filesystem_harden_against_overflows_of_operationid_a_bit_better.patch diff --git a/patches/common/chromium/.patches b/patches/common/chromium/.patches index 7423618cacc4b..e18d46f0b274c 100644 --- a/patches/common/chromium/.patches +++ b/patches/common/chromium/.patches @@ -104,3 +104,4 @@ tabbed_window_lagging.patch restore_live_region_changed_events_for_processing_by_jaws_focus_mode.patch enable_quic_proxies_for_https_urls.patch fix_svg_crash_for_v0_distribution_into_foreignobject.patch +filesystem_harden_against_overflows_of_operationid_a_bit_better.patch 
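Review bot: The description of the new patch file is the verbatim upstream commit message and, unlike `do_not_export_private_v8_symbols_on_windows.patch` added in the previous commit, says nothing about why Electron carries it or when it can be dropped; a line such as `Backport of the upstream change above; remove once the V8 roll includes it.` before the nested `diff --git` would help whoever maintains patches/common/v8/.patches. The same applies to the chromium patch file added in the next commit of this series. The code change itself is the upstream fix and needs no edits here.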
diff --git a/patches/common/chromium/filesystem_harden_against_overflows_of_operationid_a_bit_better.patch b/patches/common/chromium/filesystem_harden_against_overflows_of_operationid_a_bit_better.patch new file mode 100644 index 0000000000000..789949d398a7e --- /dev/null +++ b/patches/common/chromium/filesystem_harden_against_overflows_of_operationid_a_bit_better.patch 
@@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Marijn Kruisselbrink +Date: Tue, 29 Jan 2019 19:51:07 +0000 +Subject: [FileSystem] Harden against overflows of OperationID a bit better. + +Rather than having a UAF when OperationID overflows instead overwrite +the old operation with the new one. Can still cause weirdness, but at +least won't result in UAF. Also update OperationID to uint64_t to +make sure we don't overflow to begin with. + +Bug: 925864 +Change-Id: Ifdf3fa0935ab5ea8802d91bba39601f02b0dbdc9 +Reviewed-on: https://chromium-review.googlesource.com/c/1441498 +Commit-Queue: Marijn Kruisselbrink +Reviewed-by: Victor Costan +Cr-Commit-Position: refs/heads/master@{#627115} + +diff --git a/storage/browser/fileapi/file_system_operation_runner.cc b/storage/browser/fileapi/file_system_operation_runner.cc +index fbda72b3cdf851947aa697776e54e0b5092e729b..09af7c0c8c9099489286152009f05ad49d968174 100644 +--- a/storage/browser/fileapi/file_system_operation_runner.cc ++++ b/storage/browser/fileapi/file_system_operation_runner.cc +@@ -701,7 +701,7 @@ FileSystemOperationRunner::BeginOperation( + base::WeakPtr scope) { + OperationHandle handle; + handle.id = next_operation_id_++; +- operations_.emplace(handle.id, std::move(operation)); ++ operations_[handle.id] = std::move(operation); + handle.scope = scope; + return handle; + } +diff --git a/storage/browser/fileapi/file_system_operation_runner.h b/storage/browser/fileapi/file_system_operation_runner.h +index a330f4802d5d5c721d8bba460f25edc2f8e1340a..97f9e0d81163d08644f0cee5b9da21ac24b300af 100644 +--- a/storage/browser/fileapi/file_system_operation_runner.h ++++ b/storage/browser/fileapi/file_system_operation_runner.h +@@ -53,7 +53,7 @@ class STORAGE_EXPORT FileSystemOperationRunner + using CopyOrMoveOption = FileSystemOperation::CopyOrMoveOption; + using GetMetadataField = FileSystemOperation::GetMetadataField; + +- using OperationID = int; ++ using OperationID = uint64_t; 
+ + virtual ~FileSystemOperationRunner(); +
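Review bot: Widening `OperationID` to `uint64_t` only removes the overflow if `next_operation_id_` and `OperationHandle::id` are declared through `OperationID`; neither declaration is in the hunk, so it is worth confirming in file_system_operation_runner.h that they are not still `int`, in which case `handle.id = next_operation_id_++` would keep the old wraparound. The switch to `operations_[handle.id] = std::move(operation)` deliberately replaces (and, if the mapped type is an owning pointer, destroys) any operation still registered under a reused id; a debug-only `DCHECK(operations_.find(handle.id) == operations_.end())` before the assignment would make such a collision visible in tests without changing release behaviour, assuming `operations_` is a standard map-like container, which the hunk does not show. BeginOperation's signature begins before the hunk.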