fix: prevent UAF in NativeImage.getBitmap (#25782)

electron · Oct 6, 2020 · f31a1c9 · f31a1c9
1 parent 0632d59
commit f31a1c9
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/shell/common/api/electron_api_native_image.cc b/shell/common/api/electron_api_native_image.cc
@@ -103,8 +103,6 @@ base::win::ScopedHICON ReadICOFromPath(int size, const base::FilePath& path) {
 }
 #endif
 
-void Noop(char*, void*) {}
-
 }  // namespace
 
 NativeImage::NativeImage(v8::Isolate* isolate, const gfx::Image& image)
@@ -224,6 +222,10 @@ std::string NativeImage::ToDataURL(gin::Arguments* args) {
       image_.AsImageSkia().GetRepresentation(scale_factor).GetBitmap());
 }
 
+void SkUnref(char* data, void* hint) {
+  reinterpret_cast<SkRefCnt*>(hint)->unref();
+}
+
 v8::Local<v8::Value> NativeImage::GetBitmap(gin::Arguments* args) {
   float scale_factor = GetScaleFactorFromOptions(args);
 
@@ -232,9 +234,10 @@ v8::Local<v8::Value> NativeImage::GetBitmap(gin::Arguments* args) {
   SkPixelRef* ref = bitmap.pixelRef();
   if (!ref)
     return node::Buffer::New(args->isolate(), 0).ToLocalChecked();
+  ref->ref();
   return node::Buffer::New(args->isolate(),
                            reinterpret_cast<char*>(ref->pixels()),
-                           bitmap.computeByteSize(), &Noop, nullptr)
+                           bitmap.computeByteSize(), &SkUnref, ref)
       .ToLocalChecked();
 }